Blame SOURCES/CVE-2021-25290.patch
|
 |
ed67fe |
From c558baf01a97aed376a67ff4641f1c3c864ae3f0 Mon Sep 17 00:00:00 2001
|
|
|
ed67fe |
From: Lumir Balhar <lbalhar@redhat.com>
|
|
|
ed67fe |
Date: Thu, 8 Apr 2021 17:55:26 +0200
|
|
|
ed67fe |
Subject: [PATCH 1/4] CVE-2021-25290
|
|
|
ed67fe |
|
|
|
ed67fe |
---
|
|
|
ed67fe |
src/libImaging/TiffDecode.c | 5 +++++
|
|
|
ed67fe |
1 file changed, 5 insertions(+)
|
|
|
ed67fe |
|
|
|
ed67fe |
diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c
|
|
|
ed67fe |
index f292da3..d17b557 100644
|
|
|
ed67fe |
--- a/src/libImaging/TiffDecode.c
|
|
|
ed67fe |
+++ b/src/libImaging/TiffDecode.c
|
|
|
ed67fe |
@@ -36,6 +36,11 @@ tsize_t _tiffReadProc(thandle_t hdata, tdata_t buf, tsize_t size) {
|
|
|
ed67fe |
TRACE(("_tiffReadProc: %d \n", (int)size));
|
|
|
ed67fe |
dump_state(state);
|
|
|
ed67fe |
|
|
|
ed67fe |
+ if (state->loc > state->eof) {
|
|
|
ed67fe |
+ TIFFError("_tiffReadProc", "Invalid Read at loc %d, eof: %d", state->loc, state->eof);
|
|
|
ed67fe |
+ return 0;
|
|
|
ed67fe |
+ }
|
|
|
ed67fe |
+
|
|
|
ed67fe |
to_read = min(size, min(state->size, (tsize_t)state->eof) - (tsize_t)state->loc);
|
|
|
ed67fe |
TRACE(("to_read: %d\n", (int)to_read));
|
|
|
ed67fe |
|
|
|
ed67fe |
--
|
|
|
ed67fe |
2.30.2
|
|
|
ed67fe |
|