From af0fd610183af1225de296d7342477a9ff5d57477a400d99bbc430410e722b19 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Mon, 26 Aug 2013 09:41:16 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=61 --- tiff-4.0.3-CVE-2013-4243.patch | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/tiff-4.0.3-CVE-2013-4243.patch b/tiff-4.0.3-CVE-2013-4243.patch index 8ce2311..1349c8c 100644 --- a/tiff-4.0.3-CVE-2013-4243.patch +++ b/tiff-4.0.3-CVE-2013-4243.patch @@ -1,11 +1,8 @@ -Index: gif2tiff.c +Index: tools/gif2tiff.c =================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v -retrieving revision 1.12 -diff -u -r1.12 gif2tiff.c ---- tools/gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 -+++ tools/gif2tiff.c 14 Aug 2013 04:43:31 -0000 -@@ -280,6 +280,10 @@ +--- tools/gif2tiff.c.orig ++++ tools/gif2tiff.c +@@ -280,6 +280,10 @@ readgifimage(char* mode) fprintf(stderr, "no colormap present for image\n"); return (0); } @@ -16,4 +13,25 @@ diff -u -r1.12 gif2tiff.c if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) { fprintf(stderr, "not enough memory for image\n"); return (0); - +@@ -406,6 +410,10 @@ process(register int code, unsigned char + fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); + return 0; + } ++ if (*fill >= raster + width*height) { ++ fprintf(stderr, "raster full before eoi code\n"); ++ return 0; ++ } + *(*fill)++ = suffix[code]; + firstchar = oldcode = code; + return 1; +@@ -436,6 +444,10 @@ process(register int code, unsigned char + } + oldcode = incode; + do { ++ if (*fill >= raster + width*height) { ++ fprintf(stderr, "raster full before eoi code\n"); ++ return 0; ++ } + *(*fill)++ = *--stackp; + } while (stackp > stack); + return 1;