Index: ChangeLog =================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v retrieving revision 1.602.2.130 diff -r1.602.2.130 ChangeLog 0a1,7 > 2011-03-12 Frank Warmerdam > > * libtiff/tif_thunder.c: Correct potential buffer overflow with > thunder encoded files with wrong bitspersample set. The libtiff > development team would like to thank Marin Barbella and TippingPoint's > Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004). > Index: libtiff/tif_thunder.c =================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_thunder.c,v retrieving revision 1.5.2.1 diff -r1.5.2.1 tif_thunder.c 27a28 > #include 58,62c59,65 < #define SETPIXEL(op, v) { \ < lastpixel = (v) & 0xf; \ < if (npixels++ & 1) \ < *op++ |= lastpixel; \ < else \ --- > #define SETPIXEL(op, v) { \ > lastpixel = (v) & 0xf; \ > if ( npixels < maxpixels ) \ > { \ > if (npixels++ & 1) \ > *op++ |= lastpixel; \ > else \ 63a67,84 > } \ > } > > static int > ThunderSetupDecode(TIFF* tif) > { > static const char module[] = "ThunderSetupDecode"; > > if( tif->tif_dir.td_bitspersample != 4 ) > { > TIFFErrorExt(tif->tif_clientdata, module, > "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.", > (int) tif->tif_dir.td_bitspersample ); > return 0; > } > > > return (1); 145c166,167 < return (1); --- > > return (1); 153a176 > tif->tif_setupdecode = ThunderSetupDecode; 165a189 >
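Review bot: In the SETPIXEL hunk (58,62c59,65), the new `if ( npixels < maxpixels )` guard silently discards every pixel past the limit, and because `npixels++` now sits inside the guard, npixels stops advancing once it reaches maxpixels. Code that runs after the macro can therefore no longer tell from npixels alone that the encoded data ran past the end of the row. Consider counting or flagging the dropped pixels so the caller can report the row as corrupt instead of returning truncated output with no diagnostic. The macro also now requires a variable named maxpixels to be in scope at every expansion site. A comment above the #define stating that requirement would help, and wrapping the body in do { ... } while (0) would make it safe inside an unbraced if/else.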
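Review bot: ThunderSetupDecode (hunk 63a67,84) has no comment explaining why a td_bitspersample value other than 4 must be rejected, so the link between this check and the buffer overflow named in the ChangeLog entry exists only in the commit history. A short comment above the function saying that the decoder writes two 4-bit pixels per output byte, and that the SETPIXEL bound is a second line of defence behind this check, would keep a later cleanup from removing either one. Smaller points in the same hunk: the error string reads "4bits per sample" without a space, the failure path uses `return 0;` while the success path uses `return (1);`, and there are two blank lines before the final return.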
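Review bot: Hunk 145c166,167 only inserts a blank line before an unchanged `return (1);`, and hunk 165a189 only adds a trailing blank line. Whitespace-only changes inside a security fix make the patch harder to audit and to backport to other branches, so I would drop both and leave the functional hunks on their own.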