tiff: Security fix CVE-2016-10268
(From OE-Core rev: a384e06b6ac12541b9928ecbc5834ef1d505ac0f) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
ca16811eed
commit
46ee394865
|
@ -0,0 +1,30 @@
|
||||||
|
From 5397a417e61258c69209904e652a1f409ec3b9df Mon Sep 17 00:00:00 2001
|
||||||
|
From: erouault <erouault>
|
||||||
|
Date: Fri, 2 Dec 2016 22:13:32 +0000
|
||||||
|
Subject: [PATCH] * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips
|
||||||
|
that can cause various issues, such as buffer overflows in the library.
|
||||||
|
Reported by Agostino Sarubbo. Fixes
|
||||||
|
http://bugzilla.maptools.org/show_bug.cgi?id=2598
|
||||||
|
|
||||||
|
Upstream-Status: Backport
|
||||||
|
CVE: CVE-2016-10268
|
||||||
|
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
ChangeLog | 7 +++++++
|
||||||
|
tools/tiffcp.c | 2 +-
|
||||||
|
2 files changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Index: tiff-4.0.7/tools/tiffcp.c
|
||||||
|
===================================================================
|
||||||
|
--- tiff-4.0.7.orig/tools/tiffcp.c
|
||||||
|
+++ tiff-4.0.7/tools/tiffcp.c
|
||||||
|
@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
|
||||||
|
tstrip_t s, ns = TIFFNumberOfStrips(in);
|
||||||
|
uint32 row = 0;
|
||||||
|
_TIFFmemset(buf, 0, stripsize);
|
||||||
|
- for (s = 0; s < ns; s++) {
|
||||||
|
+ for (s = 0; s < ns && row < imagelength; s++) {
|
||||||
|
tsize_t cc = (row + rowsperstrip > imagelength) ?
|
||||||
|
TIFFVStripSize(in, imagelength - row) : stripsize;
|
||||||
|
if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
|
|
@ -13,6 +13,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
|
||||||
file://CVE-2017-11335.patch \
|
file://CVE-2017-11335.patch \
|
||||||
file://CVE-2016-10271.patch \
|
file://CVE-2016-10271.patch \
|
||||||
file://CVE-2016-10093.patch \
|
file://CVE-2016-10093.patch \
|
||||||
|
file://CVE-2016-10268.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
|
SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
|
||||||
|
|
Loading…
Reference in New Issue