b67797b39c
- security update
* CVE-2018-17795 [bsc#1110358]
% tiff-4.0.9-bsc1046077-CVE-2017-9935.patch renamed to
tiff-CVE-2017-9935,CVE-2018-17795.patch
* CVE-2018-16335 [bsc#1106853]
% tiff-CVE-2017-11613.patch renamed to
tiff-CVE-2017-11613,CVE-2018-16335,15209.patch
- add a possibility to build with ASAN
OBS-URL: https://build.opensuse.org/request/show/643137
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=126
22 lines
932 B
Diff
22 lines
932 B
Diff
Index: tiff-4.0.9/libtiff/tif_dirread.c
|
|
===================================================================
|
|
--- tiff-4.0.9.orig/libtiff/tif_dirread.c 2018-06-04 16:49:48.940452546 +0200
|
|
+++ tiff-4.0.9/libtiff/tif_dirread.c 2018-06-04 16:50:18.572859131 +0200
|
|
@@ -5760,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
|
|
if( nstrips == 0 )
|
|
return;
|
|
|
|
+ /* If we are going to allocate a lot of memory, make sure that the */
|
|
+ /* file is as big as needed */
|
|
+ if( tif->tif_mode == O_RDONLY &&
|
|
+ nstrips > 1000000 &&
|
|
+ (offset >= TIFFGetFileSize(tif) ||
|
|
+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
|
|
+ {
|
|
+ return;
|
|
+ }
|
|
+
|
|
newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
|
|
"for chopped \"StripByteCounts\" array");
|
|
newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
|