diff options
Diffstat (limited to 'poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch')
-rw-r--r-- | poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch deleted file mode 100644 index f244fb2f3..000000000 --- a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch +++ /dev/null @@ -1,77 +0,0 @@ -CVE: CVE-2019-7663 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From c6fc6c1fa895024c86285c58efd6424cf8078f32 Mon Sep 17 00:00:00 2001 -From: Thomas Bernard <miniupnp@free.fr> -Date: Mon, 11 Feb 2019 10:05:33 +0100 -Subject: [PATCH 1/2] check that (Tile Width)*(Samples/Pixel) do no overflow - -fixes bug 2833 ---- - tools/tiffcp.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index 2f406e2d..f0ee2c02 100644 ---- a/tools/tiffcp.c -+++ b/tools/tiffcp.c -@@ -1408,7 +1408,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) - int status = 1; - uint32 imagew = TIFFRasterScanlineSize(in); - uint32 tilew = TIFFTileRowSize(in); -- int iskew = imagew - tilew*spp; -+ int iskew; - tsize_t tilesize = TIFFTileSize(in); - tdata_t tilebuf; - uint8* bufp = (uint8*) buf; -@@ -1416,6 +1416,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) - uint32 row; - uint16 bps = 0, bytes_per_sample; - -+ if (spp > (0x7fffffff / tilew)) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)"); -+ return 0; -+ } -+ iskew = imagew - tilew*spp; - tilebuf = _TIFFmalloc(tilesize); - if (tilebuf == 0) - return 0; --- -2.20.1 - - -From da6454aa80b9bb3154dfab4e8b21637de47531e0 Mon Sep 17 00:00:00 2001 -From: Thomas Bernard <miniupnp@free.fr> -Date: Mon, 11 Feb 2019 21:42:03 +0100 -Subject: [PATCH 2/2] tiffcp.c: use INT_MAX - ---- - tools/tiffcp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index f0ee2c02..8c81aa4f 100644 ---- a/tools/tiffcp.c -+++ b/tools/tiffcp.c -@@ -41,6 +41,7 @@ - #include <stdio.h> - #include <stdlib.h> - #include <string.h> -+#include <limits.h> - - #include <ctype.h> - -@@ -1416,7 +1417,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) - uint32 row; - uint16 bps = 0, bytes_per_sample; - -- if (spp > (0x7fffffff / tilew)) -+ if (spp > (INT_MAX / tilew)) - { - TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)"); - return 0; --- -2.20.1 - |