rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/0010-CVE-2018-17100-avoid-potential-int32-overflows-in-mu.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8
  2.   SOURCES
  3.   0010-CVE-2018-17100-avoid-potential-int32-overflows-in-mu.patch
Blob History Raw
12208d 
From a04b4c4aec3bbfbbde9602ddb4e00809a1a4f92c Mon Sep 17 00:00:00 2001
21ff78 
From: Young_X <YangX92@hotmail.com>
21ff78 
Date: Sat, 8 Sep 2018 14:46:27 +0800
12208d 
Subject: [PATCH] (CVE-2018-17100) avoid potential int32 overflows in
12208d 
 multiply_ms()
21ff78
12208d 
(cherry picked from commit 6da1fb3f64d43be37e640efbec60400d1f1ac39e)
21ff78 
---
21ff78 
 tools/ppm2tiff.c | 13 +++++++------
21ff78 
 1 file changed, 7 insertions(+), 6 deletions(-)
21ff78
21ff78 
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
12208d 
index 91415e96..81ffa3db 100644
21ff78 
--- a/tools/ppm2tiff.c
21ff78 
+++ b/tools/ppm2tiff.c
21ff78 
@@ -72,15 +72,16 @@ BadPPM(char* file)
21ff78 
 	exit(-2);
21ff78 
 }
21ff78
21ff78 
+
21ff78 
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
21ff78 
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
21ff78 
+
21ff78 
 static tmsize_t
21ff78 
 multiply_ms(tmsize_t m1, tmsize_t m2)
21ff78 
 {
21ff78 
-	tmsize_t bytes = m1 * m2;
21ff78 
-
21ff78 
-	if (m1 && bytes / m1 != m2)
21ff78 
-		bytes = 0;
21ff78 
-
21ff78 
-	return bytes;
21ff78 
+        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
21ff78 
+            return 0;
21ff78 
+        return m1 * m2;
21ff78 
 }
21ff78
21ff78 
 int

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation