diff options
| author | Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de> | 2019-03-23 17:56:18 +0000 |
|---|---|---|
| committer | Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de> | 2019-03-23 17:56:18 +0000 |
| commit | 4e574b64ac30b77c767f6466eaced934c7a4ce54 (patch) | |
| tree | 4020dafa63b71dd605d0e76528c1ebfaa5697713 /patches/tiff/CVE-2017-11613.patch | |
| parent | 3c21bc0ef035b510bc3691c79cfd939fe4755068 (diff) | |
| download | midipix_build-4e574b64ac30b77c767f6466eaced934c7a4ce54.tar.bz2 midipix_build-4e574b64ac30b77c767f6466eaced934c7a4ce54.tar.xz | |
vars/build.vars:{clzip,expat}{_host,}: updated to v{1.11,2.2.6} (via Redfoxmoon.)
vars/build.vars:libxml2: updated to v2.9.9 (via Redfoxmoon.)
vars/build.vars:libunistring: updated to v0.9.10 (via Redfoxmoon.)
vars/build.vars:libpng: updated to v1.6.36 (via Redfoxmoon.)
vars/build.vars:tiff: updated to v4.0.10 (via Redfoxmoon.)
vars/build.vars:gdbm: updated to v1.18.1 (via Redfoxmoon.)
vars/build.vars:pcre: updated to v8.43 (via Redfoxmoon.)
vars/build.vars:gzip: updated to v1.10 (via Redfoxmoon.)
vars/build.vars:gzip:${PKG_{CFLAGS_CONFIGURE_EXTRA,CONFIGURE_ARGS,MAKEFLAGS_{BUILD,INSTALL}_EXTRA}}: unset (via Redfoxmoon.)
vars/build.vars:libvorbis: updated to v1.3.6 (via Redfoxmoon.)
vars/build.vars:libxslt: updated to v1.1.33 (via Redfoxmoon.)
vars/build.vars:libtirpc: updated to v1.1.4 (via Redfoxmoon.)
patches/expat-2.2.{5,6}.local.patch: updated (via Redfoxmoon.)
patches/libtirpc-1.{0.3,1.4}.local.patch: updated (via Redfoxmoon.)
patches/libvorbis-1.3.5.local.patch: removes obsolete patch (via Redfoxmoon.)
patches/libxslt-1.1.3{2,3}.local.patch: updated (via Redfoxmoon.)
patches/pcre-8.4{2,3}.local.patch: updated (via Redfoxmoon.)
patches/tiff/CVE-{2017-{11613,17095,18013,9935},2018-{10963,5784,7456,8905}}.patch: removes obsolete patches (via Redfoxmoon.)
patches/tiff/CVE-2018-12900.patch: added (via Redfoxmoon.)
Diffstat (limited to 'patches/tiff/CVE-2017-11613.patch')
| -rw-r--r-- | patches/tiff/CVE-2017-11613.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/patches/tiff/CVE-2017-11613.patch b/patches/tiff/CVE-2017-11613.patch deleted file mode 100644 index b3f600a9..00000000 --- a/patches/tiff/CVE-2017-11613.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 5c3bc1c78dfe05eb5f4224650ad606b75e1f7034 Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sun, 11 Mar 2018 11:14:01 +0100 -Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion - (CVE-2017-11613) - -In ChopUpSingleUncompressedStrip(), if the computed number of strips is big -enough and we are in read only mode, validate that the file size is consistent -with that number of strips to avoid useless attempts at allocating a lot of -memory for the td_stripbytecount and td_stripoffset arrays. - -Rework fix done in 3719385a3fac5cfb20b487619a5f08abbf967cf8 to work in more -cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979. -Credit to OSS Fuzz - -Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724 ---- - libtiff/tif_dirread.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 80aaf8d..5896a78 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -5760,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif) - if( nstrips == 0 ) - return; - -+ /* If we are going to allocate a lot of memory, make sure that the */ -+ /* file is as big as needed */ -+ if( tif->tif_mode == O_RDONLY && -+ nstrips > 1000000 && -+ (offset >= TIFFGetFileSize(tif) || -+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) ) -+ { -+ return; -+ } -+ - newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripByteCounts\" array"); - newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), --- -2.17.1 - |