aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch
blob: 4fe5bcd6c715c6b95fcfbe84ab6c7a11a8c1a198 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
From 9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sat, 3 Dec 2016 11:35:56 +0000
Subject: [PATCH] * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i
 (ignore) mode so that the output buffer is correctly incremented to avoid
 write outside bounds. Reported by Agostino Sarubbo. Fixes
 http://bugzilla.maptools.org/show_bug.cgi?id=2620

Upstream-Status: Backport
CVE: CVE-2016-10271
Signed-off-by: Rajkumar Veer <rveer@mvista.com>

---
 ChangeLog        | 7 +++++++
 tools/tiffcrop.c | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

Index: tiff-4.0.7/tools/tiffcrop.c
===================================================================
--- tiff-4.0.7.orig/tools/tiffcrop.c
+++ tiff-4.0.7/tools/tiffcrop.c
@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T
                                   (unsigned long) strip, (unsigned long)rows);
                         return 0;
                 }
-                bufp += bytes_read;
+                bufp += stripsize;
         }
 
         return 1;