summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch')
-rw-r--r--media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch40
1 files changed, 0 insertions, 40 deletions
diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch
deleted file mode 100644
index ebf9a00e1b6d..000000000000
--- a/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Upstream patch for CVE-2012-4447.
-
-
-diff -Naur tiff-4.0.3.orig/libtiff/tif_pixarlog.c tiff-4.0.3/libtiff/tif_pixarlog.c
---- tiff-4.0.3.orig/libtiff/tif_pixarlog.c 2012-07-04 15:26:31.000000000 -0400
-+++ tiff-4.0.3/libtiff/tif_pixarlog.c 2012-12-12 16:43:18.931315699 -0500
-@@ -644,6 +644,20 @@
- return bytes;
- }
-
-+static tmsize_t
-+add_ms(tmsize_t m1, tmsize_t m2)
-+{
-+ tmsize_t bytes = m1 + m2;
-+
-+ /* if either input is zero, assume overflow already occurred */
-+ if (m1 == 0 || m2 == 0)
-+ bytes = 0;
-+ else if (bytes <= m1 || bytes <= m2)
-+ bytes = 0;
-+
-+ return bytes;
-+}
-+
- static int
- PixarLogFixupTags(TIFF* tif)
- {
-@@ -671,9 +685,11 @@
- td->td_samplesperpixel : 1);
- tbuf_size = multiply_ms(multiply_ms(multiply_ms(sp->stride, td->td_imagewidth),
- td->td_rowsperstrip), sizeof(uint16));
-+ /* add one more stride in case input ends mid-stride */
-+ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride);
- if (tbuf_size == 0)
- return (0); /* TODO: this is an error return without error report through TIFFErrorExt */
-- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride);
-+ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
- if (sp->tbuf == NULL)
- return (0);
- if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)