rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/libtiff-CVE-2018-17100.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   8373079c3b8cf2e78599b0735a7af0de8fa7ab6d
  2.   SOURCES
  3.   libtiff-CVE-2018-17100.patch
Blob History Raw
21ff78 
From 491e3acc55d7a54e2588de476733e93c4c7ffea0 Mon Sep 17 00:00:00 2001
21ff78 
From: Young_X <YangX92@hotmail.com>
21ff78 
Date: Sat, 8 Sep 2018 14:46:27 +0800
21ff78 
Subject: [PATCH] avoid potential int32 overflows in multiply_ms()
21ff78
21ff78 
---
21ff78 
 tools/ppm2tiff.c | 13 +++++++------
21ff78 
 1 file changed, 7 insertions(+), 6 deletions(-)
21ff78
21ff78 
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
21ff78 
index 91415e9..81ffa3d 100644
21ff78 
--- a/tools/ppm2tiff.c
21ff78 
+++ b/tools/ppm2tiff.c
21ff78 
@@ -72,15 +72,16 @@ BadPPM(char* file)
21ff78 
 	exit(-2);
21ff78 
 }
21ff78
21ff78 
+
21ff78 
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
21ff78 
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
21ff78 
+
21ff78 
 static tmsize_t
21ff78 
 multiply_ms(tmsize_t m1, tmsize_t m2)
21ff78 
 {
21ff78 
-	tmsize_t bytes = m1 * m2;
21ff78 
-
21ff78 
-	if (m1 && bytes / m1 != m2)
21ff78 
-		bytes = 0;
21ff78 
-
21ff78 
-	return bytes;
21ff78 
+        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
21ff78 
+            return 0;
21ff78 
+        return m1 * m2;
21ff78 
 }
21ff78
21ff78 
 int
21ff78 
--
21ff78 
2.17.2
21ff78

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation