diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch deleted file mode 100644 index 7bf52ee5dc..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 Mon Sep 17 00:00:00 2001 -From: erouault <erouault> -Date: Mon, 15 Aug 2016 20:49:48 +0000 -Subject: [PATCH] * libtiff/tif_pixarlog.c: Fix write buffer overflow in - PixarLogEncode if more input samples are provided than expected by - PixarLogSetupEncode. Idea based on libtiff-CVE-2016-3990.patch from - libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and - simpler check. (bugzilla #2544) - -invalid tests that rejected valid files. (bugzilla #2545) - -CVE: CVE-2016-3990 -Upstream-Status: Backport -https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 - -Signed-off-by: Yi Zhao <yi.zhao@windirver.com> ---- - ChangeLog | 10 +++++++++- - libtiff/tif_pixarlog.c | 7 +++++++ - 2 files changed, 16 insertions(+), 1 deletion(-) - -diff --git a/ChangeLog b/ChangeLog -index 9c0ab29..db4ea18 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,10 +1,18 @@ - 2016-08-15 Even Rouault <even.rouault at spatialys.com> - -+ * libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode -+ if more input samples are provided than expected by PixarLogSetupEncode. -+ Idea based on libtiff-CVE-2016-3990.patch from -+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and -+ simpler check. (bugzilla #2544) -+ -+2016-08-15 Even Rouault <even.rouault at spatialys.com> -+ - * tools/tiff2rgba.c: Fix integer overflow in size of allocated - buffer, when -b mode is enabled, that could result in out-of-bounds - write. Based initially on patch tiff-CVE-2016-3945.patch from - libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for -- invalid tests that rejected valid files. -+ invalid tests that rejected valid files. (bugzilla #2545) - - 2016-07-11 Even Rouault <even.rouault at spatialys.com> - -diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c -index e78f788..28329d1 100644 ---- a/libtiff/tif_pixarlog.c -+++ b/libtiff/tif_pixarlog.c -@@ -1141,6 +1141,13 @@ PixarLogEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - } - - llen = sp->stride * td->td_imagewidth; -+ /* Check against the number of elements (of size uint16) of sp->tbuf */ -+ if( n > td->td_rowsperstrip * llen ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Too many input bytes provided"); -+ return 0; -+ } - - for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) { - switch (sp->user_datafmt) { --- -2.7.4 - |