3 files changed, 16 insertions, 0 deletions

diff --git a/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch b/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
new file mode 100644
index 0000000000..0f9b16873f
--- /dev/null
+++ b/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
+index a0dc68b..5ef3264 100644
+--- a/third_party/libtiff/tif_dirread.c
++++ b/third_party/libtiff/tif_dirread.c
+@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
+ 	static const char module[] = "TIFFFetchStripThing";
+ 	enum TIFFReadDirEntryErr err;
+ 	uint64* data;
++	_TIFFfree(*lpp);
++	*lpp = 0;
+ 	err=TIFFReadDirEntryLong8Array(tif,dir,&data);
+ 	if (err!=TIFFReadDirEntryErrOk)
+ 	{
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 09577f93fb..05e4965c4f 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -14,3 +14,4 @@ Local Modifications:
 0002-CVE-2015-8665-8683.patch: Security fixes
 0003-CVE-2015-8781-8782-8783.patch: Security fixes
 0004-CVE-2015-8784.patch: Security fixes
+0005-Leak-TIFFFetchStripThing.patch: Fix a memory leak
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index a0dc68b78e..5ef326485b 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
 	static const char module[] = "TIFFFetchStripThing";
 	enum TIFFReadDirEntryErr err;
 	uint64* data;
+	_TIFFfree(*lpp);
+	*lpp = 0;
 	err=TIFFReadDirEntryLong8Array(tif,dir,&data);
 	if (err!=TIFFReadDirEntryErrOk)
 	{