summaryrefslogtreecommitdiffstats
path: root/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
diff options
context:
space:
mode:
Diffstat (limited to 'abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch')
-rw-r--r--abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch64
1 files changed, 0 insertions, 64 deletions
diff --git a/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch b/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
deleted file mode 100644
index e6d74a6..0000000
--- a/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Fixes security issues in libTIFF's handling of LZW-encoded
-images. The use of uninitialized data could lead to a buffer
-underflow and a crash or arbitrary code execution.
-
-CVE-ID: CVE-2008-2327
-Security bug: https://bugs.gentoo.org/show_bug.cgi?id=234080
-
-Index: tiff-3.8.2/libtiff/tif_lzw.c
-===================================================================
---- tiff-3.8.2.orig/libtiff/tif_lzw.c
-+++ tiff-3.8.2/libtiff/tif_lzw.c
-@@ -237,6 +237,12 @@ LZWSetupDecode(TIFF* tif)
- sp->dec_codetab[code].length = 1;
- sp->dec_codetab[code].next = NULL;
- } while (code--);
-+ /*
-+ * Zero-out the unused entries
-+ */
-+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
-+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
-+
- }
- return (1);
- }
-@@ -408,12 +414,19 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
- break;
- if (code == CODE_CLEAR) {
- free_entp = sp->dec_codetab + CODE_FIRST;
-+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
- nbits = BITS_MIN;
- nbitsmask = MAXCODE(BITS_MIN);
- maxcodep = sp->dec_codetab + nbitsmask-1;
- NextCode(tif, sp, bp, code, GetNextCode);
- if (code == CODE_EOI)
- break;
-+ if (code == CODE_CLEAR) {
-+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-+ "LZWDecode: Corrupted LZW table at scanline %d",
-+ tif->tif_row);
-+ return (0);
-+ }
- *op++ = (char)code, occ--;
- oldcodep = sp->dec_codetab + code;
- continue;
-@@ -604,12 +617,19 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
- break;
- if (code == CODE_CLEAR) {
- free_entp = sp->dec_codetab + CODE_FIRST;
-+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
- nbits = BITS_MIN;
- nbitsmask = MAXCODE(BITS_MIN);
- maxcodep = sp->dec_codetab + nbitsmask;
- NextCode(tif, sp, bp, code, GetNextCodeCompat);
- if (code == CODE_EOI)
- break;
-+ if (code == CODE_CLEAR) {
-+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-+ "LZWDecode: Corrupted LZW table at scanline %d",
-+ tif->tif_row);
-+ return (0);
-+ }
- *op++ = code, occ--;
- oldcodep = sp->dec_codetab + code;
- continue;