Diffstat (limited to 'abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch')
-rw-r--r-- | abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch b/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
deleted file mode 100644
index e6d74a6..0000000
--- a/abs/core/libtiff/tiff-3.8.2-CVE-2008-2327.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Fixes security issues in libTIFF's handling of LZW-encoded
-images. The use of uninitialized data could lead to a buffer
-underflow and a crash or arbitrary code execution.
-
-CVE-ID: CVE-2008-2327
-Security bug: https://bugs.gentoo.org/show_bug.cgi?id=234080
-
-Index: tiff-3.8.2/libtiff/tif_lzw.c
-===================================================================
---- tiff-3.8.2.orig/libtiff/tif_lzw.c
-+++ tiff-3.8.2/libtiff/tif_lzw.c
-@@ -237,6 +237,12 @@ LZWSetupDecode(TIFF* tif)
- sp->dec_codetab[code].length = 1;
- sp->dec_codetab[code].next = NULL;
- } while (code--);
-+ /*
-+ * Zero-out the unused entries
-+ */
-+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
-+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
-+
- }
- return (1);
- }
-@@ -408,12 +414,19 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
- break;
- if (code == CODE_CLEAR) {
- free_entp = sp->dec_codetab + CODE_FIRST;
-+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
- nbits = BITS_MIN;
- nbitsmask = MAXCODE(BITS_MIN);
- maxcodep = sp->dec_codetab + nbitsmask-1;
- NextCode(tif, sp, bp, code, GetNextCode);
- if (code == CODE_EOI)
- break;
-+ if (code == CODE_CLEAR) {
-+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-+ "LZWDecode: Corrupted LZW table at scanline %d",
-+ tif->tif_row);
-+ return (0);
-+ }
- *op++ = (char)code, occ--;
- oldcodep = sp->dec_codetab + code;
- continue;
-@@ -604,12 +617,19 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
- break;
- if (code == CODE_CLEAR) {
- free_entp = sp->dec_codetab + CODE_FIRST;
-+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
- nbits = BITS_MIN;
- nbitsmask = MAXCODE(BITS_MIN);
- maxcodep = sp->dec_codetab + nbitsmask;
- NextCode(tif, sp, bp, code, GetNextCodeCompat);
- if (code == CODE_EOI)
- break;
-+ if (code == CODE_CLEAR) {
-+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-+ "LZWDecode: Corrupted LZW table at scanline %d",
-+ tif->tif_row);
-+ return (0);
-+ }
- *op++ = code, occ--;
- oldcodep = sp->dec_codetab + code;
- continue; |