pool/tiff
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- fixed out of bounds read

Browse Source 
-  fixed CVE-2010-2233
  * getimage-64bit.patch
- [bnc#612879]

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=19
This commit is contained in:
Petr Gajdos 2010-06-23 15:50:18 +00:00 committed by Git OBS Bridge
parent 190f2ef330
commit edd0a84a47
3 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
tiff-3.9.2-getimage-64bit.patch Normal file
View File

@ -0,0 +1,41 @@
diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c
--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400
+++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-10 15:07:28.000000000 -0400
@@ -1846,6 +1846,7 @@
DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
{
uint32* cp2;
+ int32 incr = 2*toskew+w;
(void) y;
fromskew = (fromskew / 2) * 6;
cp2 = cp+w+toskew;
@@ -1872,8 +1873,8 @@
cp2 ++ ;
pp += 6;
}
- cp += toskew*2+w;
- cp2 += toskew*2+w;
+ cp += incr;
+ cp2 += incr;
pp += fromskew;
h-=2;
}
@@ -1939,6 +1940,7 @@
DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
{
uint32* cp2;
+ int32 incr = 2*toskew+w;
(void) y;
fromskew = (fromskew / 2) * 4;
cp2 = cp+w+toskew;
@@ -1953,8 +1955,8 @@
cp2 ++;
pp += 4;
} while (--x);
- cp += toskew*2+w;
- cp2 += toskew*2+w;
+ cp += incr;
+ cp2 += incr;
pp += fromskew;
h-=2;
}

6
tiff.changes
View File

@ -4,9 +4,11 @@ Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz
- fixed CVE-2010-2065 - fixed CVE-2010-2065
* integer-overflow.patch * integer-overflow.patch
* NULL-deref.patch * NULL-deref.patch
and out of bounds read - fixed out of bounds read
* oob-read.patch * oob-read.patch
- part of [bnc#612879] - fixed CVE-2010-2233
* getimage-64bit.patch
- [bnc#612879]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz

2
tiff.spec
View File

@ -39,6 +39,7 @@ Patch3: tiff-%{version}-tiff2pdf-colors.patch
Patch4: tiff-%{version}-NULL-deref.patch Patch4: tiff-%{version}-NULL-deref.patch
Patch5: tiff-%{version}-integer-overflow.patch Patch5: tiff-%{version}-integer-overflow.patch
Patch6: tiff-%{version}-oob-read.patch Patch6: tiff-%{version}-oob-read.patch
Patch7: tiff-%{version}-getimage-64bit.patch
# FYI: this issue is solved another way # FYI: this issue is solved another way
# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch
@ -103,6 +104,7 @@ the libtiff library.
%patch4 %patch4
%patch5 %patch5
%patch6 -p1 %patch6 -p1
%patch7 -p1
find -type d -name "CVS" | xargs rm -rfv find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755 find -type d | xargs chmod 755