Diffstat (limited to 'patches/tiff/CVE-2018-12900.patch')
-rw-r--r--patches/tiff/CVE-2018-12900.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/patches/tiff/CVE-2018-12900.patch b/patches/tiff/CVE-2018-12900.patch
new file mode 100644
index 00000000..f95cd06a
--- /dev/null
+++ b/patches/tiff/CVE-2018-12900.patch
@@ -0,0 +1,29 @@
+From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
+From: pgajdos <pgajdos@suse.cz>
+Date: Tue, 13 Nov 2018 09:03:31 +0100
+Subject: [PATCH] prevent integer overflow
+
+---
+ tools/tiffcp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..ece7ba13 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ status = 0;
+ goto done;
+ }
++ if (0xFFFFFFFF / tilew < spp)
++ {
++ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
++ status = 0;
++ goto done;
++ }
+ bytes_per_sample = bps/8;
+
+ for (row = 0; row < imagelength; row += tl) {
+--
+2.18.1
+
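Review bot: The added guard `if (0xFFFFFFFF / tilew < spp)` divides by `tilew` with no zero check visible in the hunk, and its TIFFError message names BitsPerSample and prints `bps` although the condition tests `spp`. A zero `tilew` derived from a malformed file would make the overflow guard itself undefined behaviour (typically a division trap), and the wrong tag in the diagnostic misleads whoever triages a rejected image. I would write the condition as `if (tilew != 0 && 0xFFFFFFFF / tilew < spp)` and the message arguments as `"Error, either TileWidth (%u) or SamplesPerPixel (%u) is too large", tilew, spp`. readSeparateTilesIntoBuffer starts and ends outside the hunk, so `tilew` may already be validated earlier, and the declared types behind `%u` and the width of the product being protected cannot be confirmed from here.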