tiff bugzilla #2508
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=72
This commit is contained in:
Fridrich Strba
Git OBS Bridge
parent
734609a0ab
commit
a4befe7391
36
tiff-4.0.6-nextdecode-oob.patch
Normal file
36
tiff-4.0.6-nextdecode-oob.patch
Normal file
@ -0,0 +1,36 @@
|
||||
--- libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16
|
||||
+++ libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18
|
||||
@@ -37,7 +37,7 @@
|
||||
case 0: op[0] = (unsigned char) ((v) << 6); break; \
|
||||
case 1: op[0] |= (v) << 4; break; \
|
||||
case 2: op[0] |= (v) << 2; break; \
|
||||
- case 3: *op++ |= (v); break; \
|
||||
+ case 3: *op++ |= (v); op_offset++; break; \
|
||||
} \
|
||||
}
|
||||
|
||||
@@ -103,6 +103,7 @@
|
||||
}
|
||||
default: {
|
||||
uint32 npixels = 0, grey;
|
||||
+ tmsize_t op_offset = 0;
|
||||
uint32 imagewidth = tif->tif_dir.td_imagewidth;
|
||||
if( isTiled(tif) )
|
||||
imagewidth = tif->tif_dir.td_tilewidth;
|
||||
@@ -122,10 +123,15 @@
|
||||
* bounds, potentially resulting in a security
|
||||
* issue.
|
||||
*/
|
||||
- while (n-- > 0 && npixels < imagewidth)
|
||||
+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
|
||||
SETPIXEL(op, grey);
|
||||
if (npixels >= imagewidth)
|
||||
break;
|
||||
+ if (op_offset >= scanline ) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
|
||||
+ (long) tif->tif_row);
|
||||
+ return (0);
|
||||
+ }
|
||||
if (cc == 0)
|
||||
goto bad;
|
||||
n = *bp++, cc--;
|
||||
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 11 09:48:49 UTC 2016 - fstrba@suse.com
|
||||
|
||||
- Added patch:
|
||||
* tiff-4.0.6-nextdecode-oob.patch
|
||||
- Fix potential out-of-bound write in NeXTDecode() triggered by
|
||||
http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif (#2508,
|
||||
bsc#942690)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 8 15:55:30 UTC 2015 - p.drouand@gmail.com
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package tiff
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -29,6 +29,8 @@ Source3: baselibs.conf
|
||||
Patch0: tiff-4.0.3-seek.patch
|
||||
# http://bugzilla.maptools.org/show_bug.cgi?id=2442
|
||||
Patch1: tiff-4.0.3-compress-warning.patch
|
||||
# http://bugzilla.maptools.org/show_bug.cgi?id=2508
|
||||
Patch2: tiff-4.0.6-nextdecode-oob.patch
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libjpeg-devel
|
||||
BuildRequires: libtool
|
||||
@ -94,6 +96,7 @@ the libtiff library.
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p0
|
||||
|
||||
%build
|
||||
CFLAGS="%{optflags} -fPIE"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user