pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tiff bugzilla #2508

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=72
This commit is contained in:
Fridrich Strba 2016-01-11 10:12:16 +00:00 committed by Git OBS Bridge
parent 734609a0ab
commit a4befe7391
3 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
tiff-4.0.6-nextdecode-oob.patch Normal file
View File

@ -0,0 +1,36 @@
--- libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16
+++ libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18
@@ -37,7 +37,7 @@
case 0: op[0] = (unsigned char) ((v) << 6); break; \
case 1: op[0] |= (v) << 4; break; \
case 2: op[0] |= (v) << 2; break; \
- case 3: *op++ |= (v); break; \
+ case 3: *op++ |= (v); op_offset++; break; \
} \
}
@@ -103,6 +103,7 @@
}
default: {
uint32 npixels = 0, grey;
+ tmsize_t op_offset = 0;
uint32 imagewidth = tif->tif_dir.td_imagewidth;
if( isTiled(tif) )
imagewidth = tif->tif_dir.td_tilewidth;
@@ -122,10 +123,15 @@
* bounds, potentially resulting in a security
* issue.
*/
- while (n-- > 0 && npixels < imagewidth)
+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
SETPIXEL(op, grey);
if (npixels >= imagewidth)
break;
+ if (op_offset >= scanline ) {
+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
+ (long) tif->tif_row);
+ return (0);
+ }
if (cc == 0)
goto bad;
n = *bp++, cc--;

9
tiff.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Jan 11 09:48:49 UTC 2016 - fstrba@suse.com
- Added patch:
* tiff-4.0.6-nextdecode-oob.patch
- Fix potential out-of-bound write in NeXTDecode() triggered by
http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif (#2508,
bsc#942690)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 8 15:55:30 UTC 2015 - p.drouand@gmail.com Tue Dec 8 15:55:30 UTC 2015 - p.drouand@gmail.com

5
tiff.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package tiff # spec file for package tiff
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -29,6 +29,8 @@ Source3: baselibs.conf
Patch0: tiff-4.0.3-seek.patch Patch0: tiff-4.0.3-seek.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2442 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
Patch1: tiff-4.0.3-compress-warning.patch Patch1: tiff-4.0.3-compress-warning.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2508
Patch2: tiff-4.0.6-nextdecode-oob.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
BuildRequires: libtool BuildRequires: libtool
@ -94,6 +96,7 @@ the libtiff library.
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p0
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"