Fix for buffer overflow in TiffDecode.c CVE-2016-0740

Tests/check_libtiff_segfault.py

@@ -0,0 +1,23 @@
+from helper import unittest, PillowTestCase
+from PIL import Image
+
+TEST_FILE = "Tests/images/libtiff_segfault.tif"
+
+class TestLibtiffSegfault(PillowTestCase):
+    def test_segfault(self):
+        """ This test should not segfault. It will on Pillow <= 3.1.0 and
+            libtiff >= 4.0.0
+            """
+
+        try:
+            im = Image.open(TEST_FILE)
+            im.load()
+        except IOError:
+            self.assertTrue(True, "Got expected IOError")
+        except Exception:
+            self.fail("Should have returned IOError")
+
+
+
+if __name__ == '__main__':
+    unittest.main()

libImaging/TiffDecode.c

@@ -169,7 +169,7 @@ int ImagingLibTiffDecode(Imaging im, ImagingCodecState state, UINT8* buffer, int
 	char *filename = "tempfile.tif";
 	char *mode = "r";
 	TIFF *tiff;
-	int size;
+	tsize_t size;
 
 
 	/* buffer is the encoded file, bytes is the length of the encoded file */