Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch | 48 |
1 files changed, 48 insertions, 0 deletions
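--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7595.patch
@@ -0,0 +1,48 @@
+commit 618d490090bfd10e613ac574ecff31a293904b44
+Author: erouault <erouault>
+Date: Wed Jan 11 12:15:01 2017 +0000
+
+* libtiff/tif_jpeg.c: avoid integer division by zero
+in JPEGSetupEncode() when horizontal or vertical sampling is set to 0.
+Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7595
+Signed-off-by: Rajkumar Veer <rveer@mvista.com>
+
+Index: tiff-4.0.7/ChangeLog
+===================================================================
+--- tiff-4.0.7.orig/ChangeLog 2017-04-24 17:31:40.013832807 +0530
++++ tiff-4.0.7/ChangeLog 2017-04-24 18:03:34.769782616 +0530
+@@ -8,6 +8,12 @@
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_jpeg.c: avoid integer division by zero in
++ JPEGSetupEncode() when horizontal or vertical sampling is set to 0.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
++
++2017-01-11 Even Rouault <even.rouault at spatialys.com>
++
+* libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+avoid UndefinedBehaviorSanitizer warning.
+Patch by Nicolas Pena.
+Index: tiff-4.0.7/libtiff/tif_jpeg.c
+===================================================================
+--- tiff-4.0.7.orig/libtiff/tif_jpeg.c 2016-01-24 21:09:51.781641625 +0530
++++ tiff-4.0.7/libtiff/tif_jpeg.c 2017-04-24 18:05:59.777778815 +0530
+@@ -1626,6 +1626,13 @@
+case PHOTOMETRIC_YCBCR:
+sp->h_sampling = td->td_ycbcrsubsampling[0];
+sp->v_sampling = td->td_ycbcrsubsampling[1];
++ if( sp->h_sampling == 0 || sp->v_sampling == 0 )
++ {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Invalig horizontal/vertical sampling value");
++ return (0);
++ }
++
+/*
+* A ReferenceBlackWhite field *must* be present since the
+* default value is inappropriate for YCbCr. Fill in the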
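Review bot: The new guard in the `PHOTOMETRIC_YCBCR` case rejects only a zero `h_sampling` or `v_sampling`, so any other out-of-range subsampling value read from `td->td_ycbcrsubsampling` still passes it. That is enough to stop the division by zero named in the commit message, but whether other values are validated elsewhere in `JPEGSetupEncode()` cannot be seen here, because the function starts and ends outside the hunk. The error string reads `"Invalig horizontal/vertical sampling value"`; the typo is presumably inherited from the upstream commit, so keeping it byte-identical is reasonable for a backport, but log searches and detections should match the misspelled form. The patch also carries a `ChangeLog` hunk whose context sits at the top of that file and may stop applying once another backport touches the same entries; dropping that hunk would leave the `tif_jpeg.c` fix unchanged.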