Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2014-9655.patch')
-rw-r--r-- | gnu/packages/patches/libtiff-CVE-2014-9655.patch | 88 |
1 files changed, 0 insertions, 88 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2014-9655.patch b/gnu/packages/patches/libtiff-CVE-2014-9655.patch
deleted file mode 100644
index 065804d03a..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-9655.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-Copied from Debian
-
-From 40a5955cbf0df62b1f9e9bd7d9657b0070725d19 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 29 Dec 2014 12:09:11 +0000
-Subject: [PATCH] * libtiff/tif_next.c: add new tests to check that we don't
- read outside of the compressed input stream buffer.
-
-* libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
----
- ChangeLog | 9 +++++++++
- libtiff/tif_getimage.c | 12 +++++++-----
- libtiff/tif_next.c | 4 +++-
- 3 files changed, 19 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index a4f46d9..3ad8ee7 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -1871,7 +1871,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
-
- (void) y;
- fromskew = (fromskew * 10) / 4;
-- if ((h & 3) == 0 && (w & 1) == 0) {
-+ if ((w & 3) == 0 && (h & 1) == 0) {
- for (; h >= 2; h -= 2) {
- x = w>>2;
- do {
-@@ -1948,7 +1948,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
- /* XXX adjust fromskew */
- do {
- x = w>>2;
-- do {
-+ while(x>0) {
- int32 Cb = pp[4];
- int32 Cr = pp[5];
-
-@@ -1959,7 +1959,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
-
- cp += 4;
- pp += 6;
-- } while (--x);
-+ x--;
-+ }
-
- if( (w&3) != 0 )
- {
-@@ -2050,7 +2051,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
- fromskew = (fromskew * 4) / 2;
- do {
- x = w>>1;
-- do {
-+ while(x>0) {
- int32 Cb = pp[2];
- int32 Cr = pp[3];
-
-@@ -2059,7 +2060,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
-
- cp += 2;
- pp += 4;
-- } while (--x);
-+ x --;
-+ }
-
- if( (w&1) != 0 )
- {
-diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
-index d834196..dd669cc 100644
---- a/libtiff/tif_next.c
-+++ b/libtiff/tif_next.c
-@@ -71,7 +71,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- TIFFErrorExt(tif->tif_clientdata, module, "Fractional scanlines cannot be read");
- return (0);
- }
-- for (row = buf; occ > 0; occ -= scanline, row += scanline) {
-+ for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) {
- n = *bp++, cc--;
- switch (n) {
- case LITERALROW:
-@@ -90,6 +90,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- * The scanline has a literal span that begins at some
- * offset.
- */
-+ if( cc < 4 )
-+ goto bad;
- off = (bp[0] * 256) + bp[1];
- n = (bp[2] * 256) + bp[3];
- if (cc < 4+n || off+n > scanline) |