diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch new file mode 100644 index 0000000000..851a37fc74 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch @@ -0,0 +1,48 @@ +commit 618d490090bfd10e613ac574ecff31a293904b44 +Author: erouault <erouault> +Date: Wed Jan 11 12:15:01 2017 +0000 + + * libtiff/tif_jpeg.c: avoid integer division by zero + in JPEGSetupEncode() when horizontal or vertical sampling is set to 0. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653 + +Upstream-Status: Backport + +CVE: CVE-2017-7595 +Signed-off-by: Rajkumar Veer <rveer@mvista.com> + +Index: tiff-4.0.7/ChangeLog +=================================================================== +--- tiff-4.0.7.orig/ChangeLog 2017-04-24 17:31:40.013832807 +0530 ++++ tiff-4.0.7/ChangeLog 2017-04-24 18:03:34.769782616 +0530 +@@ -8,6 +8,12 @@ + + 2017-01-11 Even Rouault <even.rouault at spatialys.com> + ++ * libtiff/tif_jpeg.c: avoid integer division by zero in ++ JPEGSetupEncode() when horizontal or vertical sampling is set to 0. ++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653 ++ ++2017-01-11 Even Rouault <even.rouault at spatialys.com> ++ + * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to + avoid UndefinedBehaviorSanitizer warning. + Patch by Nicolas Pena. +Index: tiff-4.0.7/libtiff/tif_jpeg.c +=================================================================== +--- tiff-4.0.7.orig/libtiff/tif_jpeg.c 2016-01-24 21:09:51.781641625 +0530 ++++ tiff-4.0.7/libtiff/tif_jpeg.c 2017-04-24 18:05:59.777778815 +0530 +@@ -1626,6 +1626,13 @@ + case PHOTOMETRIC_YCBCR: + sp->h_sampling = td->td_ycbcrsubsampling[0]; + sp->v_sampling = td->td_ycbcrsubsampling[1]; ++ if( sp->h_sampling == 0 || sp->v_sampling == 0 ) ++ { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Invalig horizontal/vertical sampling value"); ++ return (0); ++ } ++ + /* + * A ReferenceBlackWhite field *must* be present since the + * default value is inappropriate for YCbCr. Fill in the |