diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch b/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch deleted file mode 100644 index 9ed97e2467..0000000000 --- a/import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-7602.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001 -From: erouault <erouault> -Date: Wed, 11 Jan 2017 16:33:34 +0000 -Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on - signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes - http://bugzilla.maptools.org/show_bug.cgi?id=2650 - -Upstream-Status: Backport - -CVE: CVE-2017-7602 -Signed-off-by: Rajkumar Veer <rveer@mvista.com> - -Index: tiff-4.0.7/ChangeLog -=================================================================== ---- tiff-4.0.7.orig/ChangeLog 2017-04-25 18:42:07.656135638 +0530 -+++ tiff-4.0.7/ChangeLog 2017-04-25 18:54:36.812147299 +0530 -@@ -8,6 +8,12 @@ - - 2017-01-11 Even Rouault <even.rouault at spatialys.com> - -+ * libtiff/tif_read.c: avoid potential undefined behaviour on signed integer -+ addition in TIFFReadRawStrip1() in isMapped() case. -+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650 -+ -+2017-01-11 Even Rouault <even.rouault at spatialys.com> -+ - * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid - undefined behaviour caused by invalid shift exponent. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648 -Index: tiff-4.0.7/libtiff/tif_read.c -=================================================================== ---- tiff-4.0.7.orig/libtiff/tif_read.c 2017-04-25 18:42:07.132135629 +0530 -+++ tiff-4.0.7/libtiff/tif_read.c 2017-04-25 18:58:25.272150855 +0530 -@@ -420,16 +420,26 @@ - return ((tmsize_t)(-1)); - } - } else { -- tmsize_t ma,mb; -+ tmsize_t ma; - tmsize_t n; -- ma=(tmsize_t)td->td_stripoffset[strip]; -- mb=ma+size; -- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) -- n=0; -- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size)) -- n=tif->tif_size-ma; -- else -- n=size; -+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)|| -+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size)) -+ { -+ n=0; -+ } -+ else if( ma > TIFF_TMSIZE_T_MAX - size ) -+ { -+ n=0; -+ } -+ else -+ { -+ tmsize_t mb=ma+size; -+ if (mb>tif->tif_size) -+ n=tif->tif_size-ma; -+ else -+ n=size; -+ } -+ - if (n!=size) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, |