Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch | 46 |
1 files changed, 46 insertions, 0 deletions
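--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch
@@ -0,0 +1,46 @@
+Backport of:
+
+From de7bfd7d4377c266f81849579f696fa1ad5ba6c3 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 31 Oct 2023 20:13:45 +0100
+Subject: [PATCH] TIFFFetchDirectory(): remove useless allocsize vs filesize
+check
+
+CoverityScan rightly points that the max value for dircount16 * dirsize
+is 4096 * 20. That's small enough not to do any check
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/CVE-2023-6277-3.patch?h=ubuntu/focal-security
+Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/de7bfd7d4377c266f81849579f696fa1ad5ba6c3]
+CVE: CVE-2023-6277
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+libtiff/tif_dirread.c | 18 ------------------
+1 file changed, 18 deletions(-)
+
+--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c
++++ tiff-4.1.0+git191117/libtiff/tif_dirread.c
+@@ -4891,24 +4891,6 @@ TIFFFetchDirectory(TIFF* tif, uint64 dir
+dircount16 = (uint16)dircount64;
+dirsize = 20;
+}
+- const uint64 allocsize = (uint64)dircount16 * dirsize;
+- if (allocsize > 100 * 1024 * 1024)
+- {
+- /* Before allocating a huge amount of memory for corrupted files,
+* check if size of requested memory is not greater than file size.
+*/
+- const uint64 filesize = TIFFGetFileSize(tif);
+- if (allocsize > filesize)
+- {
+- TIFFWarningExt(
+tif->tif_clientdata, module,
+"Requested memory size for TIFF directory of %" PRIu64
+" is greater than filesize %" PRIu64
+". Memory not allocated, TIFF directory not read",
+allocsize, filesize);
+- return 0;
+- }
+- }
+origdir = _TIFFCheckMalloc(tif, dircount16,
+dirsize, "to read TIFF directory");
+if (origdir == NULL)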
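Review bot: The stated reason for dropping the allocsize-versus-filesize guard (`dircount16 * dirsize` is at most 4096 * 20) holds only if the directory-count sanity bound is enforced earlier in TIFFFetchDirectory() in this older tiff-4.1.0+git191117 tree. That code lies outside the quoted hunk, so it should be confirmed for every branch that reaches `_TIFFCheckMalloc` before the guard is removed. The patch also deletes lines that the base 4.1.0 source presumably does not contain, so it appears to apply only after the earlier patches of the CVE-2023-6277 series; the recipe's SRC_URI ordering is not visible in this diffstat-limited view. I would record both dependencies in the patch header, e.g. `Note: relies on the dircount <= 4096 sanity check in TIFFFetchDirectory(); must be applied after the earlier CVE-2023-6277 patches.`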