1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
3 --- a/libtiff/tif_lzw.c
4 +++ b/libtiff/tif_lzw.c
5 @@ -237,6 +237,13 @@ LZWSetupDecode(TIFF* tif)
6 sp->dec_codetab[code].length = 1;
7 sp->dec_codetab[code].next = NULL;
10 + * Zero-out the unused entries
12 + _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
13 + (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
19 @@ -408,12 +415,20 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
21 if (code == CODE_CLEAR) {
22 free_entp = sp->dec_codetab + CODE_FIRST;
23 + _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
25 nbitsmask = MAXCODE(BITS_MIN);
26 maxcodep = sp->dec_codetab + nbitsmask-1;
27 NextCode(tif, sp, bp, code, GetNextCode);
30 + if (code == CODE_CLEAR) {
31 + TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
32 + "LZWDecode: Corrupted LZW table at scanline %d",
37 *op++ = (char)code, occ--;
38 oldcodep = sp->dec_codetab + code;
40 @@ -604,12 +619,20 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
42 if (code == CODE_CLEAR) {
43 free_entp = sp->dec_codetab + CODE_FIRST;
44 + _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
46 nbitsmask = MAXCODE(BITS_MIN);
47 maxcodep = sp->dec_codetab + nbitsmask;
48 NextCode(tif, sp, bp, code, GetNextCodeCompat);
51 + if (code == CODE_CLEAR) {
52 + TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
53 + "LZWDecode: Corrupted LZW table at scanline %d",
59 oldcodep = sp->dec_codetab + code;