summaryrefslogtreecommitdiff
path: root/repo/tiff/CVE-2018-12900.patch
diff options
context:
space:
mode:
Diffstat (limited to 'repo/tiff/CVE-2018-12900.patch')
-rw-r--r--repo/tiff/CVE-2018-12900.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/repo/tiff/CVE-2018-12900.patch b/repo/tiff/CVE-2018-12900.patch
new file mode 100644
index 0000000..f95cd06
--- /dev/null
+++ b/repo/tiff/CVE-2018-12900.patch
@@ -0,0 +1,29 @@
+From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
+From: pgajdos <pgajdos@suse.cz>
+Date: Tue, 13 Nov 2018 09:03:31 +0100
+Subject: [PATCH] prevent integer overflow
+
+---
+ tools/tiffcp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..ece7ba13 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ status = 0;
+ goto done;
+ }
++ if (0xFFFFFFFF / tilew < spp)
++ {
++ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
++ status = 0;
++ goto done;
++ }
+ bytes_per_sample = bps/8;
+
+ for (row = 0; row < imagelength; row += tl) {
+--
+2.18.1
+
generated by cgit v1.2.1 (git 2.18.0) at 2024-11-11 02:19:52 +0000