diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:28:33 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:31:28 +0300 |
commit | 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch) | |
tree | e12769d7c76d8b0517d6de3d3c72189753d253ed /poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch | |
parent | bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff) | |
download | openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz |
reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch')
-rw-r--r-- | poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch b/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch deleted file mode 100644 index 962646dbe..000000000 --- a/poky/meta/recipes-multimedia/libtiff/files/CVE-2018-8905.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sat, 12 May 2018 15:32:31 +0200 -Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / - CVE-2018-8905 - -The fix consists in using the similar code LZWDecode() to validate we -don't write outside of the output buffer. - ---- -CVE: CVE-2018-8905 - -Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/58a898...] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - ---- - libtiff/tif_lzw.c | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c -index 4ccb443..94d85e3 100644 ---- a/libtiff/tif_lzw.c -+++ b/libtiff/tif_lzw.c -@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) - char *tp; - unsigned char *bp; - int code, nbits; -+ int len; - long nextbits, nextdata, nbitsmask; - code_t *codep, *free_entp, *maxcodep, *oldcodep; - -@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) - } while (--occ); - break; - } -- assert(occ >= codep->length); -- op += codep->length; -- occ -= codep->length; -- tp = op; -+ len = codep->length; -+ tp = op + len; - do { -- *--tp = codep->value; -- } while( (codep = codep->next) != NULL ); -+ int t; -+ --tp; -+ t = codep->value; -+ codep = codep->next; -+ *tp = (char)t; -+ } while (codep && tp > op); -+ assert(occ >= len); -+ op += len; -+ occ -= len; - } else { - *op++ = (char)code; - occ--; --- -1.7.9.5 - |