diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch new file mode 100644 index 0000000000..4fe5bcd6c7 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-10271.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From 9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Mon Sep 17 00:00:00 2001 | ||
2 | From: erouault <erouault> | ||
3 | Date: Sat, 3 Dec 2016 11:35:56 +0000 | ||
4 | Subject: [PATCH] * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i | ||
5 | (ignore) mode so that the output buffer is correctly incremented to avoid | ||
6 | write outside bounds. Reported by Agostino Sarubbo. Fixes | ||
7 | http://bugzilla.maptools.org/show_bug.cgi?id=2620 | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | CVE: CVE-2016-10271 | ||
11 | Signed-off-by: Rajkumar Veer <rveer@mvista.com> | ||
12 | |||
13 | --- | ||
14 | ChangeLog | 7 +++++++ | ||
15 | tools/tiffcrop.c | 2 +- | ||
16 | 2 files changed, 8 insertions(+), 1 deletion(-) | ||
17 | |||
18 | Index: tiff-4.0.7/tools/tiffcrop.c | ||
19 | =================================================================== | ||
20 | --- tiff-4.0.7.orig/tools/tiffcrop.c | ||
21 | +++ tiff-4.0.7/tools/tiffcrop.c | ||
22 | @@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T | ||
23 | (unsigned long) strip, (unsigned long)rows); | ||
24 | return 0; | ||
25 | } | ||
26 | - bufp += bytes_read; | ||
27 | + bufp += stripsize; | ||
28 | } | ||
29 | |||
30 | return 1; | ||