aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch')
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch67
1 files changed, 0 insertions, 67 deletions
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
deleted file mode 100644
index f0fef08bf3..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix heap buffer overflow in tiffcp when parsing number of inks:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
- * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
-called,
- limit the return number of inks to SamplesPerPixel, so that code that
-parses
- ink names doesn't go past the end of the buffer.
- Reported by Agostino Sarubbo.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1184; previous revision: 1.1183
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c
-new revision: 1.128; previous revision: 1.127
-
-Index: libtiff/libtiff/tif_dir.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
-retrieving revision 1.127
-retrieving revision 1.128
-diff -u -r1.127 -r1.128
---- libtiff/libtiff/tif_dir.c 25 Oct 2016 21:35:15 -0000 1.127
-+++ libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */
-+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -854,6 +854,32 @@
- if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
- return 0;
-
-+ if( tag == TIFFTAG_NUMBEROFINKS )
-+ {
-+ int i;
-+ for (i = 0; i < td->td_customValueCount; i++) {
-+ uint16 val;
-+ TIFFTagValue *tv = td->td_customValues + i;
-+ if (tv->info->field_tag != tag)
-+ continue;
-+ val = *(uint16 *)tv->value;
-+ /* Truncate to SamplesPerPixel, since the */
-+ /* setting code for INKNAMES assume that there are SamplesPerPixel */
-+ /* inknames. */
-+ /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
-+ if( val > td->td_samplesperpixel )
-+ {
-+ TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
-+ "Truncating NumberOfInks from %u to %u",
-+ val, td->td_samplesperpixel);
-+ val = td->td_samplesperpixel;
-+ }
-+ *va_arg(ap, uint16*) = val;
-+ return 1;
-+ }
-+ return 0;
-+ }
-+
- /*
- * We want to force the custom code to be used for custom
- * fields even if the tag happens to match a well known