From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 14 Jul 2016 10:28:00 +0000 (-0400)
Subject: Prevent possible buffer overflow when reading TIFF images (bug report from Shi Pu... 
X-Git-Tag: 7.0.2-5~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=803bc34ebe023f209f745baf8a112610ff77cc8c;p=imagemagick

Prevent possible buffer overflow when reading TIFF images (bug report from Shi Pu of MS509 Team)
---

diff --git a/ChangeLog b/ChangeLog
index 640e37f49..cd0e834b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 2016-07-13  7.0.2-5 Cristy  <quetzlzacatenango@image...>
   * Fix MVG stroke-opacity (reference
     https://github.com/ImageMagick/ImageMagick/issues/229).
+  * Prevent possible buffer overflow when reading TIFF images (bug report from
+    Shi Pu of MS509 Team).
 
 2016-07-11  7.0.2-4 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.2-4, GIT revision 18591:50debe5:20160710.
diff --git a/coders/tiff.c b/coders/tiff.c
index 969de7093..fd171099d 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1629,7 +1629,8 @@ RestoreMSCWarning
               quantum_type=GrayQuantum;
               pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0);
             }
-        status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3));
+        status=SetQuantumPad(image,quantum_info,pad*pow(2,ceil(log(
+          bits_per_sample)/log(2))));
         if (status == MagickFalse)
           {
             TIFFClose(tiff);