From 6dcbf5bd96b717c58d7b642949da8d323099928e Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 14 Jan 2016 04:59:19 -0800
Subject: [PATCH] Fix for buffer overflow in TiffDecode.c CVE-2016-0740

---
 Tests/check_libtiff_segfault.py   |  23 +++++++++++++++++++++++
 Tests/images/libtiff_segfault.tif | Bin 0 -> 262 bytes
 libImaging/TiffDecode.c           |   2 +-
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 Tests/check_libtiff_segfault.py
 create mode 100644 Tests/images/libtiff_segfault.tif

--- libImaging/TiffDecode.c
+++ libImaging/TiffDecode.c
@@ -169,7 +169,7 @@ int ImagingLibTiffDecode(Imaging im, ImagingCodecState state, UINT8* buffer, int
 	char *filename = "tempfile.tif";
 	char *mode = "r";
 	TIFF *tiff;
-	int size;
+	tsize_t size;
 
 
 	/* buffer is the encoded file, bytes is the length of the encoded file */
