diff options
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2016-5314.patch')
| -rw-r--r-- | gnu/packages/patches/libtiff-CVE-2016-5314.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2016-5314.patch b/gnu/packages/patches/libtiff-CVE-2016-5314.patch deleted file mode 100644 index e5380f8639..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5314.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2016-5314. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314 -bugzilla.maptools.org/show_bug.cgi?id=2554 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.43 -r1.44 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_pixarlog.c 27 Dec 2015 20:14:11 -0000 1.43 -+++ libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:12:19 -0000 1.44 -@@ -459,6 +459,7 @@ - typedef struct { - TIFFPredictorState predict; - z_stream stream; -+ tmsize_t tbuf_size; /* only set/used on reading for now */ - uint16 *tbuf; - uint16 stride; - int state; -@@ -694,6 +695,7 @@ - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); - if (sp->tbuf == NULL) - return (0); -+ sp->tbuf_size = tbuf_size; - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) - sp->user_datafmt = PixarLogGuessDataFmt(td); - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) { -@@ -783,6 +785,12 @@ - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); - return (0); - } -+ /* Check that we will not fill more than what was allocated */ -+ if (sp->stream.avail_out > sp->tbuf_size) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size"); -+ return (0); -+ } - do { - int state = inflate(&sp->stream, Z_PARTIAL_FLUSH); - if (state == Z_STREAM_END) { |