LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8321 Commits
1 Branch
46 MiB
Tree: 682b0c2be7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '682b0c2be7'
${ noResults }
openwrt-packages-dist/libs/tiff/patches/107-CVE.patch

61 lines
2.4 KiB
Raw Normal View History

tiff: update to version 4.0.7 with CVE fixes Signed-off-by: Jiri Slachta <jiri@slachta.eu>
8 years ago
 
  1. commit fc9eedf265394eb8a5633160a8fcdb7ece072701
  2. Author: erouault <erouault>
  3. Date:   Sat Dec 3 13:00:03 2016 +0000
  4. 

  5.     * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is missing.
  6.     Reported by Agostino Sarubbo.
  7.     Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
  8. 

  9. diff --git a/ChangeLog b/ChangeLog

  10. index 50db803..2940828 100644

  11. --- a/ChangeLog

  12. +++ b/ChangeLog

  13. @@ -1,5 +1,11 @@

  14.  2016-12-03 Even Rouault <even.rouault at spatialys.com>
  15.  
  16. +	* tools/tiffcrop.c: fix integer division by zero when BitsPerSample is missing.

  17. +	Reported by Agostino Sarubbo.

  18. +	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619

  19. +

  20. +2016-12-03 Even Rouault <even.rouault at spatialys.com>

  21. +

  22.  	* tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
  23.  	readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer.
  24.  	Reported by Agostino Sarubbo.
  25. diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c

  26. index 9122aab..21dd087 100644

  27. --- a/tools/tiffcrop.c

  28. +++ b/tools/tiffcrop.c

  29. @@ -1,4 +1,4 @@

  30. -/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */

  31. +/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */

  32.  
  33.  /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
  34.   * the image data through additional options listed below
  35. @@ -1164,7 +1164,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8* buf,

  36.    tdata_t  obuf;
  37.  
  38.    (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
  39. -  (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);

  40. +  (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);

  41.    bytes_per_sample = (bps + 7) / 8;
  42.    if( width == 0 ||
  43.        (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
  44. @@ -4760,7 +4760,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,

  45.    int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
  46.    uint32 j;
  47.    int32  bytes_read = 0;
  48. -  uint16 bps, planar;

  49. +  uint16 bps = 0, planar;

  50.    uint32 nstrips;
  51.    uint32 strips_per_sample;
  52.    uint32 src_rowsize, dst_rowsize, rows_processed, rps;
  53. @@ -4780,7 +4780,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,

  54.      }
  55.  
  56.    memset (srcbuffs, '\0', sizeof(srcbuffs));
  57. -  TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);

  58. +  TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);

  59.    TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
  60.    TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
  61.    if (rps > length)