summaryrefslogtreecommitdiffstats
path: root/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
diff options
context:
space:
mode:
authorJames Meyer <james.meyer@operamail.com>2012-08-07 16:06:53 (GMT)
committerJames Meyer <james.meyer@operamail.com>2012-08-07 16:06:53 (GMT)
commit0549aa634442b489b747395153546f7d1bbf454c (patch)
tree6597bf6c158c03074320fa8fd98eddee47563611 /abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
parent72bc700c43991b8e284200d165220531a815472e (diff)
downloadlinhes_pkgbuild-0549aa634442b489b747395153546f7d1bbf454c.zip
linhes_pkgbuild-0549aa634442b489b747395153546f7d1bbf454c.tar.gz
linhes_pkgbuild-0549aa634442b489b747395153546f7d1bbf454c.tar.bz2
libtiff 4.0.2
Diffstat (limited to 'abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch')
-rw-r--r--abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch64
1 files changed, 0 insertions, 64 deletions
diff --git a/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch b/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
deleted file mode 100644
index e6d74a6..0000000
--- a/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Fixes security issues in libTIFF's handling of LZW-encoded
-images. The use of uninitialized data could lead to a buffer
-underflow and a crash or arbitrary code execution.
-
-CVE-ID: CVE-2008-2327
-Security bug: https://bugs.gentoo.org/show_bug.cgi?id=234080
-
-Index: tiff-3.8.2/libtiff/tif_lzw.c
-===================================================================
---- tiff-3.8.2.orig/libtiff/tif_lzw.c
-+++ tiff-3.8.2/libtiff/tif_lzw.c
-@@ -237,6 +237,12 @@ LZWSetupDecode(TIFF* tif)
- sp->dec_codetab[code].length = 1;
- sp->dec_codetab[code].next = NULL;
- } while (code--);
-+ /*
-+ * Zero-out the unused entries
-+ */
-+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
-+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
-+
- }
- return (1);
- }
-@@ -408,12 +414,19 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
- break;
- if (code == CODE_CLEAR) {
- free_entp = sp->dec_codetab + CODE_FIRST;
-+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
- nbits = BITS_MIN;
- nbitsmask = MAXCODE(BITS_MIN);
- maxcodep = sp->dec_codetab + nbitsmask-1;
- NextCode(tif, sp, bp, code, GetNextCode);
- if (code == CODE_EOI)
- break;
-+ if (code == CODE_CLEAR) {
-+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-+ "LZWDecode: Corrupted LZW table at scanline %d",
-+ tif->tif_row);
-+ return (0);
-+ }
- *op++ = (char)code, occ--;
- oldcodep = sp->dec_codetab + code;
- continue;
-@@ -604,12 +617,19 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
- break;
- if (code == CODE_CLEAR) {
- free_entp = sp->dec_codetab + CODE_FIRST;
-+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
- nbits = BITS_MIN;
- nbitsmask = MAXCODE(BITS_MIN);
- maxcodep = sp->dec_codetab + nbitsmask;
- NextCode(tif, sp, bp, code, GetNextCodeCompat);
- if (code == CODE_EOI)
- break;
-+ if (code == CODE_CLEAR) {
-+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-+ "LZWDecode: Corrupted LZW table at scanline %d",
-+ tif->tif_row);
-+ return (0);
-+ }
- *op++ = code, occ--;
- oldcodep = sp->dec_codetab + code;
- continue;