diff options
Diffstat (limited to 'source/l/libtiff/libtiff-CVE-2011-1167.patch')
-rw-r--r-- | source/l/libtiff/libtiff-CVE-2011-1167.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/source/l/libtiff/libtiff-CVE-2011-1167.patch b/source/l/libtiff/libtiff-CVE-2011-1167.patch deleted file mode 100644 index d3fcf6f64..000000000 --- a/source/l/libtiff/libtiff-CVE-2011-1167.patch +++ /dev/null @@ -1,53 +0,0 @@ -Upstream patch for CVE-2011-1167, heap-based buffer overflow in thunder -decoder (ZDI-CAN-1004). - - -diff -Naur tiff-3.9.4.orig/libtiff/tif_thunder.c tiff-3.9.4/libtiff/tif_thunder.c ---- tiff-3.9.4.orig/libtiff/tif_thunder.c 2010-06-08 14:50:43.000000000 -0400 -+++ tiff-3.9.4/libtiff/tif_thunder.c 2011-03-18 12:17:13.635796403 -0400 -@@ -55,12 +55,32 @@ - static const int twobitdeltas[4] = { 0, 1, 0, -1 }; - static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 }; - --#define SETPIXEL(op, v) { \ -- lastpixel = (v) & 0xf; \ -- if (npixels++ & 1) \ -- *op++ |= lastpixel; \ -- else \ -+#define SETPIXEL(op, v) { \ -+ lastpixel = (v) & 0xf; \ -+ if ( npixels < maxpixels ) \ -+ { \ -+ if (npixels++ & 1) \ -+ *op++ |= lastpixel; \ -+ else \ - op[0] = (tidataval_t) (lastpixel << 4); \ -+ } \ -+} -+ -+static int -+ThunderSetupDecode(TIFF* tif) -+{ -+ static const char module[] = "ThunderSetupDecode"; -+ -+ if( tif->tif_dir.td_bitspersample != 4 ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.", -+ (int) tif->tif_dir.td_bitspersample ); -+ return 0; -+ } -+ -+ -+ return (1); - } - - static int -@@ -151,6 +171,7 @@ - (void) scheme; - tif->tif_decoderow = ThunderDecodeRow; - tif->tif_decodestrip = ThunderDecodeRow; -+ tif->tif_setupdecode = ThunderSetupDecode; - return (1); - } - #endif /* THUNDER_SUPPORT */ |