tiff: Security fix for CVE-2016-10271
(From OE-Core rev: d358e9bda3dcbdcfff7008804099f89f97f8bf79) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
0d5277acc3
commit
18a0ad760c
|
@ -0,0 +1,30 @@
|
|||
From 9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Sat, 3 Dec 2016 11:35:56 +0000
|
||||
Subject: [PATCH] * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i
|
||||
(ignore) mode so that the output buffer is correctly incremented to avoid
|
||||
write outside bounds. Reported by Agostino Sarubbo. Fixes
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2620
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2016-10271
|
||||
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
|
||||
|
||||
---
|
||||
ChangeLog | 7 +++++++
|
||||
tools/tiffcrop.c | 2 +-
|
||||
2 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: tiff-4.0.7/tools/tiffcrop.c
|
||||
===================================================================
|
||||
--- tiff-4.0.7.orig/tools/tiffcrop.c
|
||||
+++ tiff-4.0.7/tools/tiffcrop.c
|
||||
@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T
|
||||
(unsigned long) strip, (unsigned long)rows);
|
||||
return 0;
|
||||
}
|
||||
- bufp += bytes_read;
|
||||
+ bufp += stripsize;
|
||||
}
|
||||
|
||||
return 1;
|
|
@ -11,6 +11,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
|
|||
file://CVE-2017-9936.patch \
|
||||
file://CVE-2017-10688.patch \
|
||||
file://CVE-2017-11335.patch \
|
||||
file://CVE-2016-10271.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
|
||||
|
|
Loading…
Reference in New Issue