LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8406 Commits
1 Branch
46 MiB
Tree: 45b88fc5d7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '45b88fc5d7'
${ noResults }
openwrt-packages-dist/libs/tiff/patches/113-CVE.patch

70 lines
2.1 KiB
Raw Normal View History

tiff: update to version 4.0.7 with CVE fixes Signed-off-by: Jiri Slachta <jiri@slachta.eu>
7 years ago
 
  1. commit 18bca4cf3057681689efb502175cbe5f01cb68c3
  2. Author: erouault <erouault>
  3. Date:   Sat Dec 3 16:50:02 2016 +0000
  4. 

  5.     * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert check.
  6.     Reported by Agostino Sarubbo.
  7.     Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
  8. 

  9. diff --git a/ChangeLog b/ChangeLog

  10. index 8ee76c0..025eb72 100644

  11. --- a/ChangeLog

  12. +++ b/ChangeLog

  13. @@ -1,5 +1,11 @@

  14.  2016-12-03 Even Rouault <even.rouault at spatialys.com>
  15.  
  16. +	* tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert check.

  17. +	Reported by Agostino Sarubbo.

  18. +	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605

  19. +

  20. +2016-12-03 Even Rouault <even.rouault at spatialys.com>

  21. +

  22.  	* tools/tiffcp.c: fix uint32 underflow/overflow that can cause heap-based
  23.  	buffer overflow.
  24.  	Reported by Agostino Sarubbo.
  25. diff --git a/tools/tiffcp.c b/tools/tiffcp.c

  26. index 6d96bb8..49c9d37 100644

  27. --- a/tools/tiffcp.c

  28. +++ b/tools/tiffcp.c

  29. @@ -1,4 +1,4 @@

  30. -/* $Id: tiffcp.c,v 1.59 2016-12-03 16:40:01 erouault Exp $ */

  31. +/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */

  32.  
  33.  /*
  34.   * Copyright (c) 1988-1997 Sam Leffler
  35. @@ -45,7 +45,6 @@

  36.  #include <string.h>
  37.  
  38.  #include <ctype.h>
  39. -#include <assert.h>

  40.  
  41.  #ifdef HAVE_UNISTD_H
  42.  # include <unistd.h>
  43. @@ -1393,7 +1392,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)

  44.              status = 0;
  45.              goto done;
  46.          }
  47. -	assert( bps % 8 == 0 );

  48. +        if( (bps % 8) != 0 )

  49. +        {

  50. +            TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");

  51. +            status = 0;

  52. +            goto done;

  53. +        }

  54.  	bytes_per_sample = bps/8;
  55.  
  56.  	for (row = 0; row < imagelength; row += tl) {
  57. @@ -1584,7 +1588,12 @@ DECLAREwriteFunc(writeBufferToSeparateTiles)

  58.              _TIFFfree(obuf);
  59.              return 0;
  60.          }
  61. -	assert( bps % 8 == 0 );

  62. +        if( (bps % 8) != 0 )

  63. +        {

  64. +            TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");

  65. +            _TIFFfree(obuf);

  66. +            return 0;

  67. +        }

  68.  	bytes_per_sample = bps/8;
  69.  
  70.  	for (row = 0; row < imagelength; row += tl) {