jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
void-packages/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch
maxice8 2b9177d858 tiff: update to 4.0.10.
2018-11-11 08:50:07 -02:00

33 lines
1.2 KiB
Diff
Raw Blame History

From 7a092f8af2568d61993a8cc2e7a35a998d7d37be Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 17 Mar 2018 09:36:29 +0100
Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
Rework fix done in 3719385a3fac5cfb20b487619a5f08abbf967cf8 to work in more
cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979.
Credit to OSS Fuzz
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
---
libtiff/tif_dirread.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 1a3259c..6baa7b3 100644
--- libtiff/tif_dirread.c
+++ libtiff/tif_dirread.c
@@ -5702,9 +5702,8 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
/* file is as big as needed */
if( tif->tif_mode == O_RDONLY &&
nstrips > 1000000 &&
- (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
- tif->tif_dir.td_stripbytecount[0] >
- TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
+ (offset >= TIFFGetFileSize(tif) ||
+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
{
return;
}
--
libgit2 0.27.0
Reference in a new issue View git blame Copy permalink