diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch deleted file mode 100644 index e228c2f17c..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2017-13727.patch +++ /dev/null | |||
@@ -1,65 +0,0 @@ | |||
1 | From a5e8245cc67646f7b448b4ca29258eaac418102c Mon Sep 17 00:00:00 2001 | ||
2 | From: Even Rouault <even.rouault@spatialys.com> | ||
3 | Date: Wed, 23 Aug 2017 13:33:42 +0000 | ||
4 | Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion to tag value not | ||
5 | fitting on uint32 when selecting the value of SubIFD tag by runtime check (in | ||
6 | TIFFWriteDirectoryTagSubifd()). Fixes | ||
7 | http://bugzilla.maptools.org/show_bug.cgi?id=2728 Reported by team OWL337 | ||
8 | |||
9 | SubIFD tag by runtime check (in TIFFWriteDirectorySec()) | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | [https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc] | ||
13 | |||
14 | CVE: CVE-2017-13727 | ||
15 | |||
16 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
17 | --- | ||
18 | ChangeLog | 10 +++++++++- | ||
19 | libtiff/tif_dirwrite.c | 9 ++++++++- | ||
20 | 2 files changed, 17 insertions(+), 2 deletions(-) | ||
21 | |||
22 | diff --git a/ChangeLog b/ChangeLog | ||
23 | index 3e299d9..8f5efe9 100644 | ||
24 | --- a/ChangeLog | ||
25 | +++ b/ChangeLog | ||
26 | @@ -1,7 +1,15 @@ | ||
27 | 2017-08-23 Even Rouault <even.rouault at spatialys.com> | ||
28 | |||
29 | + * libtiff/tif_dirwrite.c: replace assertion to tag value not fitting | ||
30 | + on uint32 when selecting the value of SubIFD tag by runtime check | ||
31 | + (in TIFFWriteDirectoryTagSubifd()). | ||
32 | + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728 | ||
33 | + Reported by team OWL337 | ||
34 | + | ||
35 | +2017-08-23 Even Rouault <even.rouault at spatialys.com> | ||
36 | + | ||
37 | * libtiff/tif_dirwrite.c: replace assertion related to not finding the | ||
38 | - SubIFD tag by runtime check. | ||
39 | + SubIFD tag by runtime check (in TIFFWriteDirectorySec()) | ||
40 | Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727 | ||
41 | Reported by team OWL337 | ||
42 | |||
43 | diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c | ||
44 | index 14090ae..f0a4baa 100644 | ||
45 | --- a/libtiff/tif_dirwrite.c | ||
46 | +++ b/libtiff/tif_dirwrite.c | ||
47 | @@ -1949,7 +1949,14 @@ TIFFWriteDirectoryTagSubifd(TIFF* tif, uint32* ndir, TIFFDirEntry* dir) | ||
48 | for (p=0; p < tif->tif_dir.td_nsubifd; p++) | ||
49 | { | ||
50 | assert(pa != 0); | ||
51 | - assert(*pa <= 0xFFFFFFFFUL); | ||
52 | + | ||
53 | + /* Could happen if an classicTIFF has a SubIFD of type LONG8 (which is illegal) */ | ||
54 | + if( *pa > 0xFFFFFFFFUL) | ||
55 | + { | ||
56 | + TIFFErrorExt(tif->tif_clientdata,module,"Illegal value for SubIFD tag"); | ||
57 | + _TIFFfree(o); | ||
58 | + return(0); | ||
59 | + } | ||
60 | *pb++=(uint32)(*pa++); | ||
61 | } | ||
62 | n=TIFFWriteDirectoryTagCheckedIfdArray(tif,ndir,dir,TIFFTAG_SUBIFD,tif->tif_dir.td_nsubifd,o); | ||
63 | -- | ||
64 | 2.7.4 | ||
65 | |||