diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch')
| -rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch new file mode 100644 index 0000000000..c60ffa698d --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch @@ -0,0 +1,54 @@ +From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Wed, 23 Aug 2017 13:21:41 +0000 +Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not + finding the SubIFD tag by runtime check. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337 + +Upstream-Status: Backport +[https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e] + +CVE: CVE-2017-13726 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + ChangeLog | 7 +++++++ + libtiff/tif_dirwrite.c | 7 ++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 6980da8..3e299d9 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++2017-08-23 Even Rouault <even.rouault at spatialys.com> ++ ++ * libtiff/tif_dirwrite.c: replace assertion related to not finding the ++ SubIFD tag by runtime check. ++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727 ++ Reported by team OWL337 ++ + 2017-07-15 Even Rouault <even.rouault at spatialys.com> + + * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw" +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c +index 8d6686b..14090ae 100644 +--- a/libtiff/tif_dirwrite.c ++++ b/libtiff/tif_dirwrite.c +@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff) + TIFFDirEntry* nb; + for (na=0, nb=dir; ; na++, nb++) + { +- assert(na<ndir); ++ if( na == ndir ) ++ { ++ TIFFErrorExt(tif->tif_clientdata,module, ++ "Cannot find SubIFD tag"); ++ goto bad; ++ } + if (nb->tdir_tag==TIFFTAG_SUBIFD) + break; + } +-- +2.7.4 + |