summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch')
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch104
1 files changed, 104 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
new file mode 100644
index 0000000000..d3f1c2b60e
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
@@ -0,0 +1,104 @@
+Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2597
+http://bugzilla.maptools.org/show_bug.cgi?id=2607
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+ * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
+tag is
+ missing.
+ Reported by Agostino sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1183; previous revision: 1.1182
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
+new revision: 1.57; previous revision: 1.56
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.56
+retrieving revision 1.57
+diff -u -r1.56 -r1.57
+--- libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56
++++ libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -1378,7 +1378,7 @@
+ uint8* bufp = (uint8*) buf;
+ uint32 tw, tl;
+ uint32 row;
+- uint16 bps, bytes_per_sample;
++ uint16 bps = 0, bytes_per_sample;
+
+ tilebuf = _TIFFmalloc(tilesize);
+ if (tilebuf == 0)
+@@ -1387,6 +1387,12 @@
+ (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
+ (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
++ status = 0;
++ goto done;
++ }
+ assert( bps % 8 == 0 );
+ bytes_per_sample = bps/8;
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+ * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
+tag is
+ missing.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1186; previous revision: 1.1185
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
+new revision: 1.58; previous revision: 1.57
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.57
+retrieving revision 1.58
+diff -u -r1.57 -r1.58
+--- libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57
++++ libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -1569,7 +1569,7 @@
+ uint8* bufp = (uint8*) buf;
+ uint32 tl, tw;
+ uint32 row;
+- uint16 bps, bytes_per_sample;
++ uint16 bps = 0, bytes_per_sample;
+
+ obuf = _TIFFmalloc(TIFFTileSize(out));
+ if (obuf == NULL)
+@@ -1578,6 +1578,12 @@
+ (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
+ (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
+ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
++ _TIFFfree(obuf);
++ return 0;
++ }
+ assert( bps % 8 == 0 );
+ bytes_per_sample = bps/8;
+
generated by cgit v1.2.3 (git 2.45.2) at 2024-07-14 01:39:55 +0000