diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2021-05-11 18:59:10 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-20 12:36:41 +0100 |
| commit | 5471428610888c7ce997730f3d260476496340ca (patch) | |
| tree | 6a11c7af993e45f7c465b17191225f9966b96a0d /meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch | |
| parent | 60e33c1c4afc83e29bdb25d92875d2e0bb5c70fd (diff) | |
| download | poky-5471428610888c7ce997730f3d260476496340ca.tar.gz | |
tiff: fix CVE-2020-35523 CVE-2020-35524
(From OE-Core rev: 84239e11227bc0b0e2e6d3b2faa7a9ee63025dd1)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch')
| -rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch new file mode 100644 index 0000000000..5232eacb50 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch | |||
| @@ -0,0 +1,42 @@ | |||
| 1 | From c6a12721b46f1a72974f91177890301730d7b330 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Thomas Bernard <miniupnp@free.fr> | ||
| 3 | Date: Tue, 10 Nov 2020 01:01:59 +0100 | ||
| 4 | Subject: [PATCH] tiff2pdf.c: properly calculate datasize when saving to JPEG | ||
| 5 | YCbCr | ||
| 6 | |||
| 7 | fixes #220 | ||
| 8 | Upstream-Status: Backport | ||
| 9 | https://gitlab.com/libtiff/libtiff/-/commit/c6a12721b46f1a72974f91177890301730d7b330 | ||
| 10 | https://gitlab.com/libtiff/libtiff/-/merge_requests/159/commits | ||
| 11 | CVE: CVE-2021-35524 | ||
| 12 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
| 13 | |||
| 14 | --- | ||
| 15 | tools/tiff2pdf.c | 11 ++++++++--- | ||
| 16 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c | ||
| 19 | index 719811ea..dc69d2f9 100644 | ||
| 20 | --- a/tools/tiff2pdf.c | ||
| 21 | +++ b/tools/tiff2pdf.c | ||
| 22 | @@ -2087,9 +2087,14 @@ void t2p_read_tiff_size(T2P* t2p, TIFF* input){ | ||
| 23 | #endif | ||
| 24 | (void) 0; | ||
| 25 | } | ||
| 26 | - k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); | ||
| 27 | - if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ | ||
| 28 | - k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); | ||
| 29 | + if(t2p->pdf_compression == T2P_COMPRESS_JPEG | ||
| 30 | + && t2p->tiff_photometric == PHOTOMETRIC_YCBCR) { | ||
| 31 | + k = checkMultiply64(TIFFNumberOfStrips(input), TIFFStripSize(input), t2p); | ||
| 32 | + } else { | ||
| 33 | + k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); | ||
| 34 | + if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ | ||
| 35 | + k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); | ||
| 36 | + } | ||
| 37 | } | ||
| 38 | if (k == 0) { | ||
| 39 | /* Assume we had overflow inside TIFFScanlineSize */ | ||
| 40 | -- | ||
| 41 | GitLab | ||
| 42 | |||