summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
blob: f554ac54648fe9baf741421277ebb8bdcdb72f14 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
From bd024f07019f5d9fea236675607a69f74a66bc7b Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Mon, 15 Aug 2016 21:26:56 +0000
Subject: [PATCH] * tools/rgb2ycbcr.c: validate values of -v and -h parameters
 to avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)

CVE: CVE-2016-3623
Upstream-Status: Backport
https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b

Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
---
 ChangeLog         | 5 +++++
 tools/rgb2ycbcr.c | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 5d60608..3e6642a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2016-08-15 Even Rouault <even.rouault at spatialys.com>
 
+	* tools/rgb2ycbcr.c: validate values of -v and -h parameters to
+	avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
+
+2016-08-15 Even Rouault <even.rouault at spatialys.com>
+
 	* tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
 	From patch libtiff-CVE-2016-3991.patch from
 	libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
diff --git a/tools/rgb2ycbcr.c b/tools/rgb2ycbcr.c
index 3829d6b..51f4259 100644
--- a/tools/rgb2ycbcr.c
+++ b/tools/rgb2ycbcr.c
@@ -95,9 +95,13 @@ main(int argc, char* argv[])
 			break;
 		case 'h':
 			horizSubSampling = atoi(optarg);
+            if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
+                usage(-1);
 			break;
 		case 'v':
 			vertSubSampling = atoi(optarg);
+            if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
+                usage(-1);
 			break;
 		case 'r':
 			rowsperstrip = atoi(optarg);
-- 
2.7.4