diff options
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch')
| -rw-r--r-- | gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch new file mode 100644 index 0000000000..b8a3703c4c --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch @@ -0,0 +1,45 @@ +Copied from Debian + +From 1f7359b00663804d96c3a102bcb6ead9812c1509 Mon Sep 17 00:00:00 2001 +From: erouault <erouault> +Date: Tue, 23 Dec 2014 10:15:35 +0000 +Subject: [PATCH] * libtiff/tif_read.c: fix several invalid comparisons of a + uint64 value with <= 0 by casting it to int64 first. This solves crashing bug + on corrupted images generated by afl. + +--- + ChangeLog | 6 ++++++ + libtiff/tif_read.c | 6 +++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c +index 2ba822a..dfc5b07 100644 +--- a/libtiff/tif_read.c ++++ b/libtiff/tif_read.c +@@ -458,7 +458,7 @@ TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) + return ((tmsize_t)(-1)); + } + bytecount = td->td_stripbytecount[strip]; +- if (bytecount <= 0) { ++ if ((int64)bytecount <= 0) { + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFErrorExt(tif->tif_clientdata, module, + "%I64u: Invalid strip byte count, strip %lu", +@@ -498,7 +498,7 @@ TIFFFillStrip(TIFF* tif, uint32 strip) + if ((tif->tif_flags&TIFF_NOREADRAW)==0) + { + uint64 bytecount = td->td_stripbytecount[strip]; +- if (bytecount <= 0) { ++ if ((int64)bytecount <= 0) { + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFErrorExt(tif->tif_clientdata, module, + "Invalid strip byte count %I64u, strip %lu", +@@ -801,7 +801,7 @@ TIFFFillTile(TIFF* tif, uint32 tile) + if ((tif->tif_flags&TIFF_NOREADRAW)==0) + { + uint64 bytecount = td->td_stripbytecount[tile]; +- if (bytecount <= 0) { ++ if ((int64)bytecount <= 0) { + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFErrorExt(tif->tif_clientdata, module, + "%I64u: Invalid tile byte count, tile %lu", |