Fix CVE-2016-10094:

http://bugzilla.maptools.org/show_bug.cgi?id=2640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
https://security-tracker.debian.org/tracker/CVE-2016-10094

2016-12-20 Even Rouault <even.rouault at spatialys.com>

        * tools/tiff2pdf.c: avoid potential heap-based overflow in
        t2p_readwrite_pdf_image_tile().
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640

/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1199; previous revision: 1.1198
/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
new revision: 1.101; previous revision: 1.100

Index: libtiff/tools/tiff2pdf.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:28:17 -0000	1.101
@@ -2895,7 +2895,7 @@
 				return(0);
 			}
 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
-				if (count >= 4) {
+				if (count > 4) {
                                         int retTIFFReadRawTile;
                     /* Ignore EOI marker of JpegTables */
 					_TIFFmemcpy(buffer, jpt, count - 2);
d=3ff75b6403fa3be7378d42fb6127ea6b933159a0'>commit</a><a href='/guix/diff/tests/crate.scm?id=3ff75b6403fa3be7378d42fb6127ea6b933159a0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/crate.scm'>
<input type='hidden' name='id' value='3ff75b6403fa3be7378d42fb6127ea6b933159a0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=3ff75b6403fa3be7378d42fb6127ea6b933159a0'>root</a>/<a href='/guix/log/tests?id=3ff75b6403fa3be7378d42fb6127ea6b933159a0'>tests</a>/<a href='/guix/log/tests/crate.scm?id=3ff75b6403fa3be7378d42fb6127ea6b933159a0'>crate.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/crate.scm?id=3ff75b6403fa3be7378d42fb6127ea6b933159a0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2019-06-30 09:01:27 -0700'>2019-06-30</span></td><td><a href='/guix/commit/tests/crate.scm?id=022288ba53bd44c9311c6cffef5e8224a2e74598'>guix: import: crate: fix redundant inputs list nesting</a><span class='msg-avail'>...</span></td><td>Ivan Petkov</td></tr>
<tr><td><span title='2019-06-11 18:05:44 -0700'>2019-06-11</span></td><td><a href='/guix/commit/tests/crate.scm?id=5a9ef8a960706a55764f5bbc67ac83dd48516016'>import: crate: Define dependencies as arguments.</a><span class='msg-avail'>...</span></td><td>Ivan Petkov</td></tr>
<tr><td><span title='2018-09-04 17:25:11 +0200'>2018-09-04</span></td><td><a href='/guix/commit/tests/crate.scm?id=ca719424455465fca4b872c371daf2a46de88b33'>Switch to Guile-Gcrypt.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2017-02-13 16:04:09 +0100'>2017-02-13</span></td><td><a href='/guix/commit/tests/crate.scm?id=ce8963c5b7a728257920aeceeb89e40d166d09f4'>tests: Adjust for 'http-fetch' change in (guix import json).</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2017-01-01 18:20:52 +0100'>2017-01-01</span></td><td><a href='/guix/commit/tests/crate.scm?id=f1d136957d0d5634e60e5389a046a917169cdb9e'>build-system: cargo: Handle Cargo.lock file not present.</a><span class='msg-avail'>...</span></td><td>David Craven</td></tr>
<tr><td><span title='2017-01-01 18:12:06 +0100'>2017-01-01</span></td><td><a href='/guix/commit/tests/crate.scm?id=f53a5514e0e9535d2e7c668803e64b4aac17da2b'>import: crate: Provide a default home-page value.</a><span class='msg-avail'>...</span></td><td>David Craven</td></tr>
<tr><td><span title='2016-12-14 16:30:42 +0100'>2016-12-14</span></td><td><a href='/guix/commit/tests/crate.scm?id=3e0c036584b41bcc08a8c8e040295716108bb0b2'>import: Add importer for rust crates.</a><span class='msg-avail'>...</span></td><td>David Craven</td></tr>

Age	Commit message (Expand)	Author
2019-06-30	guix: import: crate: fix redundant inputs list nesting...	Ivan Petkov
2019-06-11	import: crate: Define dependencies as arguments....	Ivan Petkov
2018-09-04	Switch to Guile-Gcrypt....	Ludovic Courtès
2017-02-13	tests: Adjust for 'http-fetch' change in (guix import json)....	Ludovic Courtès
2017-01-01	build-system: cargo: Handle Cargo.lock file not present....	David Craven
2017-01-01	import: crate: Provide a default home-page value....	David Craven
2016-12-14	import: Add importer for rust crates....	David Craven