- fixed out of bounds read

- fixed CVE-2010-2233 * getimage-64bit.patch - [bnc#612879] OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=19
2010-06-23 15:50:18 +00:00 · 2010-06-23 15:50:18 +00:00 · edd0a84a47
commit edd0a84a47
parent 190f2ef330
3 changed files with 47 additions and 2 deletions
--- a/tiff-3.9.2-getimage-64bit.patch
+++ b/tiff-3.9.2-getimage-64bit.patch
@ -0,0 +1,41 @@
+diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c
+--- tiff-3.9.2.orig/libtiff/tif_getimage.c	2009-08-30 12:21:46.000000000 -0400
+++ tiff-3.9.2/libtiff/tif_getimage.c	2010-06-10 15:07:28.000000000 -0400
+@@ -1846,6 +1846,7 @@
+ DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
+ {
+ 	uint32* cp2;
+	int32 incr = 2*toskew+w;
+ 	(void) y;
+ 	fromskew = (fromskew / 2) * 6;
+ 	cp2 = cp+w+toskew;
+@@ -1872,8 +1873,8 @@
+ 			cp2 ++ ;
+ 			pp += 6;
+ 		}
+-		cp += toskew*2+w;
+-		cp2 += toskew*2+w;
+		cp += incr;
+		cp2 += incr;
+ 		pp += fromskew;
+ 		h-=2;
+ 	}
+@@ -1939,6 +1940,7 @@
+ DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
+ {
+ 	uint32* cp2;
+	int32 incr = 2*toskew+w;
+ 	(void) y;
+ 	fromskew = (fromskew / 2) * 4;
+ 	cp2 = cp+w+toskew;
+@@ -1953,8 +1955,8 @@
+ 			cp2 ++;
+ 			pp += 4;
+ 		} while (--x);
+-		cp += toskew*2+w;
+-		cp2 += toskew*2+w;
+		cp += incr;
+		cp2 += incr;
+ 		pp += fromskew;
+ 		h-=2;
+ 	}
--- a/tiff.changes
+++ b/tiff.changes
@ -4,9 +4,11 @@ Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz
 - fixed CVE-2010-2065
  * integer-overflow.patch
  * NULL-deref.patch
-  and out of bounds read
+-  fixed out of bounds read
  * oob-read.patch
- part of [bnc#612879]
+-  fixed CVE-2010-2233
+  * getimage-64bit.patch
+- [bnc#612879]

 -------------------------------------------------------------------
 Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz
--- a/tiff.spec
+++ b/tiff.spec
@ -39,6 +39,7 @@ Patch3:         tiff-%{version}-tiff2pdf-colors.patch
 Patch4:         tiff-%{version}-NULL-deref.patch
 Patch5:         tiff-%{version}-integer-overflow.patch
 Patch6:         tiff-%{version}-oob-read.patch
+Patch7:         tiff-%{version}-getimage-64bit.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@ -103,6 +104,7 @@ the libtiff library.
 %patch4
 %patch5
 %patch6 -p1
+%patch7 -p1
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755