From 14d775352971d5c153bb1d3fd82ed188a7d996f6 Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Dec 09 2020 09:50:20 +0000
Subject: Apply patch libtiff-CVE-2009-5022.patch


patch_name: libtiff-CVE-2009-5022.patch
present_in_specfile: true

---

diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
index de0e7d3..336d47d 100644
--- a/libtiff/tif_ojpeg.c
+++ b/libtiff/tif_ojpeg.c
@@ -1537,7 +1537,6 @@ OJPEGReadHeaderInfoSecStreamSof(TIFF* tif, uint8 marker_id)
 		OJPEGReadSkip(sp,4);
 	else
 	{
-		/* TODO: probably best to also add check on allowed upper bound, especially x, may cause buffer overflow otherwise i think */
 		/* Y: Number of lines */
 		if (OJPEGReadWord(sp,&p)==0)
 			return(0);
@@ -1555,6 +1554,11 @@ OJPEGReadHeaderInfoSecStreamSof(TIFF* tif, uint8 marker_id)
 			TIFFErrorExt(tif->tif_clientdata,module,"JPEG compressed data indicates unexpected width");
 			return(0);
 		}
+		if ((uint32)p>sp->strile_width)
+		{
+			TIFFErrorExt(tif->tif_clientdata,module,"JPEG compressed data image width exceeds expected image width");
+			return(0);
+		}
 		sp->sof_x=p;
 	}
 	/* Nf: Number of image components in frame */