diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch deleted file mode 100644 index 72776f09ba..0000000000 --- a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch +++ /dev/null @@ -1,43 +0,0 @@ -CVE: CVE-2022-22844 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001 -From: 4ugustus <wangdw.augustus@qq.com> -Date: Tue, 25 Jan 2022 16:25:28 +0000 -Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where - count is required (fixes #355) - ---- - tools/tiffset.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/tools/tiffset.c b/tools/tiffset.c -index 8c9e23c5..e7a88c09 100644 ---- a/tools/tiffset.c -+++ b/tools/tiffset.c -@@ -146,9 +146,19 @@ main(int argc, char* argv[]) - - arg_index++; - if (TIFFFieldDataType(fip) == TIFF_ASCII) { -- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) -- fprintf( stderr, "Failed to set %s=%s\n", -- TIFFFieldName(fip), argv[arg_index] ); -+ if(TIFFFieldPassCount( fip )) { -+ size_t len; -+ len = strlen(argv[arg_index]) + 1; -+ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), -+ (uint16_t)len, argv[arg_index]) != 1) -+ fprintf( stderr, "Failed to set %s=%s\n", -+ TIFFFieldName(fip), argv[arg_index] ); -+ } else { -+ if (TIFFSetField(tiff, TIFFFieldTag(fip), -+ argv[arg_index]) != 1) -+ fprintf( stderr, "Failed to set %s=%s\n", -+ TIFFFieldName(fip), argv[arg_index] ); -+ } - } else if (TIFFFieldWriteCount(fip) > 0 - || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { - int ret = 1; --- -2.25.1 |