summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-CVE-2016-3990.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2016-3990.patch')
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-3990.patch31
1 files changed, 0 insertions, 31 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2016-3990.patch b/gnu/packages/patches/libtiff-CVE-2016-3990.patch
deleted file mode 100644
index 7641c3073b..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-3990.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix CVE-2016-3990 (write buffer overflow in PixarLogEncode if more input
-samples are provided than expected by PixarLogSetupEncode).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990
-http://bugzilla.maptools.org/show_bug.cgi?id=2544
-
-Patch extracted from upstream CVS repo with:
-$ cvs diff -u -r1.45 -r1.46 libtiff/tif_pixarlog.c
-
-Index: libtiff/tif_pixarlog.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
-retrieving revision 1.45
-retrieving revision 1.46
-diff -u -r1.45 -r1.46
---- libtiff/libtiff/tif_pixarlog.c	28 Jun 2016 15:37:33 -0000	1.45
-+++ libtiff/libtiff/tif_pixarlog.c	15 Aug 2016 20:49:48 -0000	1.46
-@@ -1141,6 +1141,13 @@
- 	}
- 
- 	llen = sp->stride * td->td_imagewidth;
-+    /* Check against the number of elements (of size uint16) of sp->tbuf */
-+    if( n > td->td_rowsperstrip * llen )
-+    {
-+        TIFFErrorExt(tif->tif_clientdata, module,
-+                     "Too many input bytes provided");
-+        return 0;
-+    }
- 
- 	for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
- 		switch (sp->user_datafmt)  {