PSARC 2016/633 libtiff 4.0.7
authorNiveditha Rau <Niveditha.Rau@Oracle.COM>
Tue, 03 Jan 2017 16:06:35 -0800
changeset 7539 f01c0ae41b1b
parent 7530 70d78b6a44bb
child 7540 44a10ef5a23c
PSARC 2016/633 libtiff 4.0.7 25126075 Upgrade libtiff to 4.0.7 25146397 problem in LIBRARY/LIBTIFF 25146400 problem in LIBRARY/LIBTIFF 25146402 problem in LIBRARY/LIBTIFF 25146403 problem in LIBRARY/LIBTIFF 25146404 problem in LIBRARY/LIBTIFF 25146406 problem in LIBRARY/LIBTIFF 25146409 problem in LIBRARY/LIBTIFF 25146411 problem in LIBRARY/LIBTIFF 24693091 Upstream project URL for libtiff needs updating
components/desktop/libtiff/Makefile
components/desktop/libtiff/libtiff.p5m
components/desktop/libtiff/patches/01-CVE-2015-8784.patch
components/desktop/libtiff/patches/02-CVE-2015-8665.patch
components/desktop/libtiff/patches/03-CVE-2015-8781.patch
components/desktop/libtiff/test/results-all.master
--- a/components/desktop/libtiff/Makefile	Tue Jan 03 15:16:37 2017 -0800
+++ b/components/desktop/libtiff/Makefile	Tue Jan 03 16:06:35 2017 -0800
@@ -18,22 +18,22 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		libtiff
-COMPONENT_VERSION=	4.0.6
-COMPONENT_PROJECT_URL=	http://www.remotesensing.org/libtiff/
+COMPONENT_VERSION=	4.0.7
+COMPONENT_PROJECT_URL=	http://www.simplesystems.org/libtiff/ 
 COMPONENT_SRC=		tiff-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH= \
-    sha256:4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c
+    sha256:9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019
 COMPONENT_ARCHIVE_URL=	http://download.osgeo.org/libtiff/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/libtiff
 
-TPNO=			27312
+TPNO=			32732
 
 # Added to find the *.3tiff that go into /usr/share/man/man3tiff
 PKG_PROTO_DIRS += $(COMPONENT_SRC)/man
--- a/components/desktop/libtiff/libtiff.p5m	Tue Jan 03 15:16:37 2017 -0800
+++ b/components/desktop/libtiff/libtiff.p5m	Tue Jan 03 16:06:35 2017 -0800
@@ -20,7 +20,7 @@
 #
 
 #
-# Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
 #
 
 
@@ -38,20 +38,15 @@
     value="org.opensolaris.category.2008:System/Multimedia Libraries"
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2013/134
+set name=org.opensolaris.arc-caseid value=PSARC/2013/134 value=PSARC/2016/633
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 
 
-file path=usr/bin/bmp2tiff
 file path=usr/bin/fax2ps
 file path=usr/bin/fax2tiff
-file path=usr/bin/gif2tiff
 file path=usr/bin/pal2rgb
 file path=usr/bin/ppm2tiff
-file path=usr/bin/ras2tiff
 file path=usr/bin/raw2tiff
-file path=usr/bin/rgb2ycbcr
-file path=usr/bin/thumbnail
 file path=usr/bin/tiff2bw
 file path=usr/bin/tiff2pdf
 file path=usr/bin/tiff2ps
@@ -69,13 +64,13 @@
 file path=usr/include/tiffconf.h
 file path=usr/include/tiffio.h
 file path=usr/include/tiffvers.h
-link path=usr/lib/$(MACH64)/libtiff.so target=libtiff.so.5.2.4
-link path=usr/lib/$(MACH64)/libtiff.so.5 target=libtiff.so.5.2.4
-file path=usr/lib/$(MACH64)/libtiff.so.5.2.4
+link path=usr/lib/$(MACH64)/libtiff.so target=libtiff.so.5.2.5
+link path=usr/lib/$(MACH64)/libtiff.so.5 target=libtiff.so.5.2.5
+file path=usr/lib/$(MACH64)/libtiff.so.5.2.5
 file path=usr/lib/$(MACH64)/pkgconfig/libtiff-4.pc
-link path=usr/lib/libtiff.so target=libtiff.so.5.2.4
-link path=usr/lib/libtiff.so.5 target=libtiff.so.5.2.4
-file path=usr/lib/libtiff.so.5.2.4
+link path=usr/lib/libtiff.so target=libtiff.so.5.2.5
+link path=usr/lib/libtiff.so.5 target=libtiff.so.5.2.5
+file path=usr/lib/libtiff.so.5.2.5
 file path=usr/lib/pkgconfig/libtiff-4.pc
 dir  path=usr/share/doc/tiff-$(COMPONENT_VERSION)
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/COPYRIGHT
@@ -158,19 +153,13 @@
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/TIFFstrip.3tiff.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/TIFFswab.3tiff.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/TIFFtile.3tiff.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/bmp2tiff.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/fax2ps.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/fax2tiff.1.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/gif2tiff.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/index.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/libtiff.3tiff.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/pal2rgb.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/ppm2tiff.1.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/ras2tiff.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/raw2tiff.1.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/rgb2ycbcr.1.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/sgi2tiff.1.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/thumbnail.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiff2bw.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiff2pdf.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiff2ps.1.html
@@ -185,7 +174,6 @@
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiffmedian.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiffset.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiffsplit.1.html
-file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/man/tiffsv.1.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/misc.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/support.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/tools.html
@@ -231,17 +219,11 @@
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/v4.0.4.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/v4.0.4beta.html
 file path=usr/share/doc/tiff-$(COMPONENT_VERSION)/html/v4.0.5.html
-file path=usr/share/man/man1/bmp2tiff.1
 file path=usr/share/man/man1/fax2ps.1
 file path=usr/share/man/man1/fax2tiff.1
-file path=usr/share/man/man1/gif2tiff.1
 file path=usr/share/man/man1/pal2rgb.1
 file path=usr/share/man/man1/ppm2tiff.1
-file path=usr/share/man/man1/ras2tiff.1
 file path=usr/share/man/man1/raw2tiff.1
-file path=usr/share/man/man1/rgb2ycbcr.1
-file path=usr/share/man/man1/sgi2tiff.1
-file path=usr/share/man/man1/thumbnail.1
 file path=usr/share/man/man1/tiff2bw.1
 file path=usr/share/man/man1/tiff2pdf.1
 file path=usr/share/man/man1/tiff2ps.1
@@ -256,7 +238,6 @@
 file path=usr/share/man/man1/tiffmedian.1
 file path=usr/share/man/man1/tiffset.1
 file path=usr/share/man/man1/tiffsplit.1
-file path=usr/share/man/man1/tiffsv.1
 dir  path=usr/share/man/man3tiff
 file path=usr/share/man/man3tiff/TIFFClose.3tiff
 file path=usr/share/man/man3tiff/TIFFDataWidth.3tiff
--- a/components/desktop/libtiff/patches/01-CVE-2015-8784.patch	Tue Jan 03 15:16:37 2017 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-security fix from upstream for CVE-2015-8784
-
-From b18012dae552f85dcc5c57d3bf4e997a15b1cc1c Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:55:20 +0000
-Subject: [PATCH] * libtiff/tif_next.c: fix potential out-of-bound write in
-NeXTDecode() triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
-(bugzilla #2508)
-
-diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
-index dd669cc..0a5b635 100644
---- a/libtiff/tif_next.c
-+++ b/libtiff/tif_next.c
[email protected]@ -37,7 +37,7 @@
- 	case 0:	op[0]  = (unsigned char) ((v) << 6); break;	\
- 	case 1:	op[0] |= (v) << 4; break;	\
- 	case 2:	op[0] |= (v) << 2; break;	\
--	case 3:	*op++ |= (v);	   break;	\
-+	case 3:	*op++ |= (v);	   op_offset++; break;	\
- 	}					\
- }
- 
[email protected]@ -106,6 +106,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 			uint32 imagewidth = tif->tif_dir.td_imagewidth;
-             if( isTiled(tif) )
-                 imagewidth = tif->tif_dir.td_tilewidth;
-+            tmsize_t op_offset = 0;
- 
- 			/*
- 			 * The scanline is composed of a sequence of constant
[email protected]@ -122,10 +123,15 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 				 * bounds, potentially resulting in a security
- 				 * issue.
- 				 */
--				while (n-- > 0 && npixels < imagewidth)
-+				while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
- 					SETPIXEL(op, grey);
- 				if (npixels >= imagewidth)
- 					break;
-+                if (op_offset >= scanline ) {
-+                    TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
-+                        (long) tif->tif_row);
-+                    return (0);
-+                }
- 				if (cc == 0)
- 					goto bad;
- 				n = *bp++, cc--;
--- a/components/desktop/libtiff/patches/02-CVE-2015-8665.patch	Tue Jan 03 15:16:37 2017 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-security patch from upstream for CVE-2015-8665
-
-From f94a29a822f5528d2334592760fbb7938f15eb55
-From: erouault <erouault>
-libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
-interface in case of unsupported values of SamplesPerPixel/ExtraSamples
-for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
-TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
-CVE-2015-8683 reported by zzf of Alibaba.
- 
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index cdeff08..261aad6 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
[email protected]@ -182,20 +182,22 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- 				    "Planarconfiguration", td->td_planarconfig);
- 				return (0);
- 			}
--			if( td->td_samplesperpixel != 3 )
-+			if( td->td_samplesperpixel != 3 || colorchannels != 3 )
-             {
-                 sprintf(emsg,
--                        "Sorry, can not handle image with %s=%d",
--                        "Samples/pixel", td->td_samplesperpixel);
-+                        "Sorry, can not handle image with %s=%d, %s=%d",
-+                        "Samples/pixel", td->td_samplesperpixel,
-+                        "colorchannels", colorchannels);
-                 return 0;
-             }
- 			break;
- 		case PHOTOMETRIC_CIELAB:
--            if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
-+            if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
-             {
-                 sprintf(emsg,
--                        "Sorry, can not handle image with %s=%d and %s=%d",
-+                        "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-                         "Samples/pixel", td->td_samplesperpixel,
-+                        "colorchannels", colorchannels,
-                         "Bits/sample", td->td_bitspersample);
-                 return 0;
-             }
[email protected]@ -255,6 +257,9 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
- 	int colorchannels;
- 	uint16 *red_orig, *green_orig, *blue_orig;
- 	int n_color;
-+	
-+	if( !TIFFRGBAImageOK(tif, emsg) )
-+		return 0;
- 
- 	/* Initialize to normal values */
- 	img->row_offset = 0;
[email protected]@ -2509,29 +2514,33 @@ PickContigCase(TIFFRGBAImage* img)
- 		case PHOTOMETRIC_RGB:
- 			switch (img->bitspersample) {
- 				case 8:
--					if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+					if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+						img->samplesperpixel >= 4)
- 						img->put.contig = putRGBAAcontig8bittile;
--					else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+					else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+							 img->samplesperpixel >= 4)
- 					{
- 						if (BuildMapUaToAa(img))
- 							img->put.contig = putRGBUAcontig8bittile;
- 					}
--					else
-+					else if( img->samplesperpixel >= 3 )
- 						img->put.contig = putRGBcontig8bittile;
- 					break;
- 				case 16:
--					if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+					if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+						img->samplesperpixel >=4 )
- 					{
- 						if (BuildMapBitdepth16To8(img))
- 							img->put.contig = putRGBAAcontig16bittile;
- 					}
--					else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+					else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+							 img->samplesperpixel >=4 )
- 					{
- 						if (BuildMapBitdepth16To8(img) &&
- 						    BuildMapUaToAa(img))
- 							img->put.contig = putRGBUAcontig16bittile;
- 					}
--					else
-+					else if( img->samplesperpixel >=3 )
- 					{
- 						if (BuildMapBitdepth16To8(img))
- 							img->put.contig = putRGBcontig16bittile;
[email protected]@ -2540,7 +2549,7 @@ PickContigCase(TIFFRGBAImage* img)
- 			}
- 			break;
- 		case PHOTOMETRIC_SEPARATED:
--			if (buildMap(img)) {
-+			if (img->samplesperpixel >=4 && buildMap(img)) {
- 				if (img->bitspersample == 8) {
- 					if (!img->Map)
- 						img->put.contig = putRGBcontig8bitCMYKtile;
[email protected]@ -2636,7 +2645,7 @@ PickContigCase(TIFFRGBAImage* img)
- 			}
- 			break;
- 		case PHOTOMETRIC_CIELAB:
--			if (buildMap(img)) {
-+			if (img->samplesperpixel == 3 && buildMap(img)) {
- 				if (img->bitspersample == 8)
- 					img->put.contig = initCIELabConversion(img);
- 				break;
--- a/components/desktop/libtiff/patches/03-CVE-2015-8781.patch	Tue Jan 03 15:16:37 2017 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,167 +0,0 @@
-security patch from upstream
-
-From aaab5c3c9d2a2c6984f23ccbc79702610439bc65 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:25:11 +0000
-Subject: [PATCH] * libtiff/tif_luv.c: fix potential out-of-bound writes in
-decode functions in non debug builds by replacing assert()s by regular if
-checks (bugzilla #2522). Fix potential out-of-bound reads in case of short
-input data.
-
---- tiff-4.0.6/libtiff/tif_luv.c	Fri Mar 25 08:46:18 2016
-+++ tiff-4.0.6/libtiff/tif_luv.c	Fri Mar 25 09:22:33 2016
[email protected]@ -202,7 +202,11 @@
- 	if (sp->user_datafmt == SGILOGDATAFMT_16BIT)
- 		tp = (int16*) op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+		    	TIFFErrorExt(tif->tif_clientdata, module,
-+				"Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (int16*) sp->tbuf;
- 	}
- 	_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
[email protected]@ -211,9 +215,11 @@
- 	cc = tif->tif_rawcc;
- 	/* get each byte string */
- 	for (shft = 2*8; (shft -= 8) >= 0; ) {
--		for (i = 0; i < npixels && cc > 0; )
-+		for (i = 0; i < npixels && cc > 0; ) {
- 			if (*bp >= 128) {		/* run */
--				rc = *bp++ + (2-128);   /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+				if( cc < 2 )
-+					break;
-+				rc = *bp++ + (2-128);
- 				b = (int16)(*bp++ << shft);
- 				cc -= 2;
- 				while (rc-- && i < npixels)
[email protected]@ -223,6 +229,7 @@
- 				while (--cc && rc-- && i < npixels)
- 					tp[i++] |= (int16)*bp++ << shft;
- 			}
-+		}
- 		if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
[email protected]@ -268,13 +275,17 @@
- 	if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- 		tp = (uint32 *)op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+				"Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (uint32 *) sp->tbuf;
- 	}
- 	/* copy to array of uint32 */
- 	bp = (unsigned char*) tif->tif_rawcp;
- 	cc = tif->tif_rawcc;
--	for (i = 0; i < npixels && cc > 0; i++) {
-+	for (i = 0; i < npixels && cc >= 3; i++) {
- 		tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2];
- 		bp += 3;
- 		cc -= 3;
[email protected]@ -325,7 +336,11 @@
- 	if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- 		tp = (uint32*) op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+				"Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (uint32*) sp->tbuf;
- 	}
- 	_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
[email protected]@ -334,11 +349,13 @@
- 	cc = tif->tif_rawcc;
- 	/* get each byte string */
- 	for (shft = 4*8; (shft -= 8) >= 0; ) {
--		for (i = 0; i < npixels && cc > 0; )
-+		for (i = 0; i < npixels && cc > 0; ) {
- 			if (*bp >= 128) {		/* run */
-+				if( cc < 2 )
-+					break;
- 				rc = *bp++ + (2-128);
- 				b = (uint32)*bp++ << shft;
--				cc -= 2;                /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+				cc -= 2;
- 				while (rc-- && i < npixels)
- 					tp[i++] |= b;
- 			} else {			/* non-run */
[email protected]@ -346,6 +363,7 @@
- 				while (--cc && rc-- && i < npixels)
- 					tp[i++] |= (uint32)*bp++ << shft;
- 			}
-+		}
- 		if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
[email protected]@ -413,6 +431,7 @@
- static int
- LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogL16Encode";
- 	LogLuvState* sp = EncoderState(tif);
- 	int shft;
- 	tmsize_t i;
[email protected]@ -433,7 +452,11 @@
- 		tp = (int16*) bp;
- 	else {
- 		tp = (int16*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+				"Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* compress each byte string */
[email protected]@ -506,6 +529,7 @@
- static int
- LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogLuvEncode24";
- 	LogLuvState* sp = EncoderState(tif);
- 	tmsize_t i;
- 	tmsize_t npixels;
[email protected]@ -521,7 +545,11 @@
- 		tp = (uint32*) bp;
- 	else {
- 		tp = (uint32*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+				"Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* write out encoded pixels */
[email protected]@ -553,6 +581,7 @@
- static int
- LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogLuvEncode32";
- 	LogLuvState* sp = EncoderState(tif);
- 	int shft;
- 	tmsize_t i;
[email protected]@ -574,7 +603,11 @@
- 		tp = (uint32*) bp;
- 	else {
- 		tp = (uint32*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+				"Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* compress each byte string */
--- a/components/desktop/libtiff/test/results-all.master	Tue Jan 03 15:16:37 2017 -0800
+++ b/components/desktop/libtiff/test/results-all.master	Tue Jan 03 16:06:35 2017 -0800
@@ -5,9 +5,6 @@
 PASS: rewrite
 PASS: custom_dir
 PASS: raw_decode
-PASS: bmp2tiff_palette.sh
-PASS: bmp2tiff_rgb.sh
-PASS: gif2tiff.sh
 PASS: ppm2tiff_pbm.sh
 PASS: ppm2tiff_pgm.sh
 PASS: ppm2tiff_ppm.sh
@@ -79,8 +76,8 @@
 PASS: tiff2rgba-rgb-3c-16b.sh
 PASS: tiff2rgba-rgb-3c-8b.sh
 PASS: tiff2rgba-quad-tile.jpg.sh
-# TOTAL: 81
-# PASS:  81
+# TOTAL: 78
+# PASS:  78
 # SKIP:  0
 # XFAIL: 0
 # FAIL:  0