summaryrefslogtreecommitdiffstats
path: root/source/l/libtiff/libtiff-CVE-2011-1167.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/libtiff/libtiff-CVE-2011-1167.patch')
-rw-r--r--source/l/libtiff/libtiff-CVE-2011-1167.patch53
1 files changed, 0 insertions, 53 deletions
diff --git a/source/l/libtiff/libtiff-CVE-2011-1167.patch b/source/l/libtiff/libtiff-CVE-2011-1167.patch
deleted file mode 100644
index d3fcf6f64..000000000
--- a/source/l/libtiff/libtiff-CVE-2011-1167.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Upstream patch for CVE-2011-1167, heap-based buffer overflow in thunder
-decoder (ZDI-CAN-1004).
-
-
-diff -Naur tiff-3.9.4.orig/libtiff/tif_thunder.c tiff-3.9.4/libtiff/tif_thunder.c
---- tiff-3.9.4.orig/libtiff/tif_thunder.c 2010-06-08 14:50:43.000000000 -0400
-+++ tiff-3.9.4/libtiff/tif_thunder.c 2011-03-18 12:17:13.635796403 -0400
-@@ -55,12 +55,32 @@
- static const int twobitdeltas[4] = { 0, 1, 0, -1 };
- static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
-
--#define SETPIXEL(op, v) { \
-- lastpixel = (v) & 0xf; \
-- if (npixels++ & 1) \
-- *op++ |= lastpixel; \
-- else \
-+#define SETPIXEL(op, v) { \
-+ lastpixel = (v) & 0xf; \
-+ if ( npixels < maxpixels ) \
-+ { \
-+ if (npixels++ & 1) \
-+ *op++ |= lastpixel; \
-+ else \
- op[0] = (tidataval_t) (lastpixel << 4); \
-+ } \
-+}
-+
-+static int
-+ThunderSetupDecode(TIFF* tif)
-+{
-+ static const char module[] = "ThunderSetupDecode";
-+
-+ if( tif->tif_dir.td_bitspersample != 4 )
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
-+ (int) tif->tif_dir.td_bitspersample );
-+ return 0;
-+ }
-+
-+
-+ return (1);
- }
-
- static int
-@@ -151,6 +171,7 @@
- (void) scheme;
- tif->tif_decoderow = ThunderDecodeRow;
- tif->tif_decodestrip = ThunderDecodeRow;
-+ tif->tif_setupdecode = ThunderSetupDecode;
- return (1);
- }
- #endif /* THUNDER_SUPPORT */