aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libtiff-CVE-2016-5652.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2016-5652.patch')
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-5652.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2016-5652.patch b/gnu/packages/patches/libtiff-CVE-2016-5652.patch
deleted file mode 100644
index 54b87d0185..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-5652.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Fix CVE-2016-5652 (buffer overflow in t2p_readwrite_pdf_image_tile()).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652
-
-Patches exfiltrated from upstream CVS repo with:
-cvs diff -u -r 1.92 -r 1.94 tools/tiff2pdf.c
-
-Index: tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.92
-retrieving revision 1.94
-diff -u -r1.92 -r1.94
---- a/tools/tiff2pdf.c 23 Sep 2016 22:12:18 -0000 1.92
-+++ b/tools/tiff2pdf.c 9 Oct 2016 11:03:36 -0000 1.94
-@@ -2887,21 +2887,24 @@
- return(0);
- }
- if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
-- if (count > 0) {
-- _TIFFmemcpy(buffer, jpt, count);
-+ if (count >= 4) {
-+ /* Ignore EOI marker of JpegTables */
-+ _TIFFmemcpy(buffer, jpt, count - 2);
- bufferoffset += count - 2;
-+ /* Store last 2 bytes of the JpegTables */
- table_end[0] = buffer[bufferoffset-2];
- table_end[1] = buffer[bufferoffset-1];
-- }
-- if (count > 0) {
- xuint32 = bufferoffset;
-+ bufferoffset -= 2;
- bufferoffset += TIFFReadRawTile(
- input,
- tile,
-- (tdata_t) &(((unsigned char*)buffer)[bufferoffset-2]),
-+ (tdata_t) &(((unsigned char*)buffer)[bufferoffset]),
- -1);
-- buffer[xuint32-2]=table_end[0];
-- buffer[xuint32-1]=table_end[1];
-+ /* Overwrite SOI marker of image scan with previously */
-+ /* saved end of JpegTables */
-+ buffer[xuint32-2]=table_end[0];
-+ buffer[xuint32-1]=table_end[1];
- } else {
- bufferoffset += TIFFReadRawTile(
- input,