diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch deleted file mode 100644 index e228c2f17c..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch +++ /dev/null @@ -1,65 +0,0 @@ -From a5e8245cc67646f7b448b4ca29258eaac418102c Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Wed, 23 Aug 2017 13:33:42 +0000 -Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion to tag value not - fitting on uint32 when selecting the value of SubIFD tag by runtime check (in - TIFFWriteDirectoryTagSubifd()). Fixes - http://bugzilla.maptools.org/show_bug.cgi?id=2728 Reported by team OWL337 - -SubIFD tag by runtime check (in TIFFWriteDirectorySec()) - -Upstream-Status: Backport -[https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc] - -CVE: CVE-2017-13727 - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - ChangeLog | 10 +++++++++- - libtiff/tif_dirwrite.c | 9 ++++++++- - 2 files changed, 17 insertions(+), 2 deletions(-) - -diff --git a/ChangeLog b/ChangeLog -index 3e299d9..8f5efe9 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,7 +1,15 @@ - 2017-08-23 Even Rouault <even.rouault at spatialys.com> - -+ * libtiff/tif_dirwrite.c: replace assertion to tag value not fitting -+ on uint32 when selecting the value of SubIFD tag by runtime check -+ (in TIFFWriteDirectoryTagSubifd()). -+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728 -+ Reported by team OWL337 -+ -+2017-08-23 Even Rouault <even.rouault at spatialys.com> -+ - * libtiff/tif_dirwrite.c: replace assertion related to not finding the -- SubIFD tag by runtime check. -+ SubIFD tag by runtime check (in TIFFWriteDirectorySec()) - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727 - Reported by team OWL337 - -diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c -index 14090ae..f0a4baa 100644 ---- a/libtiff/tif_dirwrite.c -+++ b/libtiff/tif_dirwrite.c -@@ -1949,7 +1949,14 @@ TIFFWriteDirectoryTagSubifd(TIFF* tif, uint32* ndir, TIFFDirEntry* dir) - for (p=0; p < tif->tif_dir.td_nsubifd; p++) - { - assert(pa != 0); -- assert(*pa <= 0xFFFFFFFFUL); -+ -+ /* Could happen if an classicTIFF has a SubIFD of type LONG8 (which is illegal) */ -+ if( *pa > 0xFFFFFFFFUL) -+ { -+ TIFFErrorExt(tif->tif_clientdata,module,"Illegal value for SubIFD tag"); -+ _TIFFfree(o); -+ return(0); -+ } - *pb++=(uint32)(*pa++); - } - n=TIFFWriteDirectoryTagCheckedIfdArray(tif,ndir,dir,TIFFTAG_SUBIFD,tif->tif_dir.td_nsubifd,o); --- -2.7.4 - |