Blame SOURCES/libtiff-CVE-2016-9540.patch
|
|
460672 |
From aa6829cda019f56ed882b2db2d1e84c994412f9d Mon Sep 17 00:00:00 2001
|
|
|
460672 |
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
|
|
|
460672 |
Date: Wed, 11 Jan 2017 12:58:22 +0100
|
|
|
460672 |
Subject: [PATCH 3/5] Fix CVE-2016-9540
|
|
|
460672 |
|
|
|
460672 |
---
|
|
|
460672 |
tools/tiffcp.c | 4 ++--
|
|
|
460672 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
460672 |
|
|
|
460672 |
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
|
|
|
460672 |
index 8c696db..2903461 100644
|
|
|
460672 |
--- a/tools/tiffcp.c
|
|
|
460672 |
+++ b/tools/tiffcp.c
|
|
|
460672 |
@@ -1330,7 +1330,7 @@ DECLAREreadFunc(readContigTilesIntoBuffer)
|
|
|
460672 |
uint32 colb = 0;
|
|
|
460672 |
uint32 col;
|
|
|
460672 |
|
|
|
460672 |
- for (col = 0; col < imagewidth; col += tw) {
|
|
|
460672 |
+ for (col = 0; col < imagewidth && colb < imagew; col += tw) {
|
|
|
460672 |
if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0
|
|
|
460672 |
&& !ignore) {
|
|
|
460672 |
TIFFError(TIFFFileName(in),
|
|
|
460672 |
@@ -1515,7 +1515,7 @@ DECLAREwriteFunc(writeBufferToContigTiles)
|
|
|
460672 |
uint32 colb = 0;
|
|
|
460672 |
uint32 col;
|
|
|
460672 |
|
|
|
460672 |
- for (col = 0; col < imagewidth; col += tw) {
|
|
|
460672 |
+ for (col = 0; col < imagewidth && colb < imagew; col += tw) {
|
|
|
460672 |
/*
|
|
|
460672 |
* Tile is clipped horizontally. Calculate
|
|
|
460672 |
* visible portion and skewing factors.
|
|
|
460672 |
--
|
|
|
460672 |
2.7.4
|
|
|
460672 |
|