rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/libtiff-CVE-2018-17100.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   8dbc14875b19dc7024aeec95db645fa580080dab
  2.   SOURCES
  3.   libtiff-CVE-2018-17100.patch
Blob History Raw
b03815 
From 491e3acc55d7a54e2588de476733e93c4c7ffea0 Mon Sep 17 00:00:00 2001
b03815 
From: Young_X <YangX92@hotmail.com>
b03815 
Date: Sat, 8 Sep 2018 14:46:27 +0800
b03815 
Subject: [PATCH] avoid potential int32 overflows in multiply_ms()
b03815
b03815 
---
b03815 
 tools/ppm2tiff.c | 13 +++++++------
b03815 
 1 file changed, 7 insertions(+), 6 deletions(-)
b03815
b03815 
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
b03815 
index 91415e9..81ffa3d 100644
b03815 
--- a/tools/ppm2tiff.c
b03815 
+++ b/tools/ppm2tiff.c
b03815 
@@ -72,15 +72,16 @@ BadPPM(char* file)
b03815 
 	exit(-2);
b03815 
 }
b03815
b03815 
+
b03815 
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
b03815 
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
b03815 
+
b03815 
 static tmsize_t
b03815 
 multiply_ms(tmsize_t m1, tmsize_t m2)
b03815 
 {
b03815 
-	tmsize_t bytes = m1 * m2;
b03815 
-
b03815 
-	if (m1 && bytes / m1 != m2)
b03815 
-		bytes = 0;
b03815 
-
b03815 
-	return bytes;
b03815 
+        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
b03815 
+            return 0;
b03815 
+        return m1 * m2;
b03815 
 }
b03815
b03815 
 int
b03815 
--
b03815 
2.17.2
b03815

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation