futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ec8da0e25d
guix-play/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch
Mark H Weaver 8e28d22c91 gnu: libtiff: Add fixes for several CVEs. 
* gnu/packages/patches/libtiff-CVE-2012-4564.patch,
  gnu/packages/patches/libtiff-CVE-2013-1960.patch,
  gnu/packages/patches/libtiff-CVE-2013-1961.patch,
  gnu/packages/patches/libtiff-CVE-2013-4231.patch,
  gnu/packages/patches/libtiff-CVE-2013-4232.patch,
  gnu/packages/patches/libtiff-CVE-2013-4243.patch,
  gnu/packages/patches/libtiff-CVE-2013-4244.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch,
  gnu/packages/patches/libtiff-CVE-2014-8129.patch,
  gnu/packages/patches/libtiff-CVE-2014-9330.patch,
  gnu/packages/patches/libtiff-CVE-2014-9655.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libtiff)[source]: Add patches.
2015-06-16 01:02:01 -04:00

78 lines
2.1 KiB
Diff
Raw Blame History

Copied from Debian
Picked from CVE: diff -u -r1.14 -r1.15
http://bugzilla.maptools.org/show_bug.cgi?id=2501
Author: Even Rouault <even.rouault@spatialys.com>
--- tiff-4.0.3.orig/tools/tiffdither.c
+++ tiff-4.0.3/tools/tiffdither.c
@@ -39,6 +39,7 @@
#endif
#include "tiffio.h"
+#include "tiffiop.h"
#define streq(a,b) (strcmp(a,b) == 0)
#define strneq(a,b,n) (strncmp(a,b,n) == 0)
@@ -56,7 +57,7 @@ static void usage(void);
* Floyd-Steinberg error propragation with threshold.
* This code is stolen from tiffmedian.
*/
-static void
+static int
fsdither(TIFF* in, TIFF* out)
{
unsigned char *outline, *inputline, *inptr;
@@ -68,14 +69,19 @@ fsdither(TIFF* in, TIFF* out)
int lastline, lastpixel;
int bit;
tsize_t outlinesize;
+ int errcode = 0;
imax = imagelength - 1;
jmax = imagewidth - 1;
inputline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in));
- thisline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
- nextline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
+ thisline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
+ nextline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
outlinesize = TIFFScanlineSize(out);
outline = (unsigned char *) _TIFFmalloc(outlinesize);
+ if (! (inputline && thisline && nextline && outline)) {
+ fprintf(stderr, "Out of memory.\n");
+ goto skip_on_error;
+ }
/*
* Get first line
@@ -93,7 +99,7 @@ fsdither(TIFF* in, TIFF* out)
nextline = tmpptr;
lastline = (i == imax);
if (TIFFReadScanline(in, inputline, i, 0) <= 0)
- break;
+ goto skip_on_error;
inptr = inputline;
nextptr = nextline;
for (j = 0; j < imagewidth; ++j)
@@ -131,13 +137,18 @@ fsdither(TIFF* in, TIFF* out)
}
}
if (TIFFWriteScanline(out, outline, i-1, 0) < 0)
- break;
+ goto skip_on_error;
}
+ goto exit_label;
+
skip_on_error:
+ errcode = 1;
+ exit_label:
_TIFFfree(inputline);
_TIFFfree(thisline);
_TIFFfree(nextline);
_TIFFfree(outline);
+ return errcode;
}
static uint16 compression = COMPRESSION_PACKBITS;
Reference in New Issue View Git Blame Copy Permalink