rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/libtiff-CVE-2018-12900.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   libtiff-CVE-2018-12900.patch
Blob History Raw
3528ec 
From 38e3984b95ed5dc9820cba7af13c9a000eba9742 Mon Sep 17 00:00:00 2001
3528ec 
From: pgajdos <pgajdos@suse.cz>
3528ec 
Date: Tue, 13 Nov 2018 09:03:31 +0100
3528ec 
Subject: [PATCH 06/10] prevent integer overflow
3528ec
3528ec 
---
3528ec 
 tools/tiffcp.c | 6 ++++++
3528ec 
 1 file changed, 6 insertions(+)
3528ec
3528ec 
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
3528ec 
index 2903461..754ee9f 100644
3528ec 
--- a/tools/tiffcp.c
3528ec 
+++ b/tools/tiffcp.c
3528ec 
@@ -1402,6 +1402,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
3528ec 
 					status = 0;
3528ec 
 					goto done;
3528ec 
 				}
3528ec 
+				if (0xFFFFFFFF / tilew < spp)
3528ec 
+				{
3528ec 
+					TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
3528ec 
+					status = 0;
3528ec 
+					goto done;
3528ec 
+				}
3528ec 
 				/*
3528ec 
 				 * Tile is clipped horizontally.  Calculate
3528ec 
 				 * visible portion and skewing factors.
3528ec 
--
3528ec 
2.17.2
3528ec

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation