aboutsummaryrefslogtreecommitdiffstats
path: root/main/tiff/CVE-2017-7602.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/tiff/CVE-2017-7602.patch')
-rw-r--r--main/tiff/CVE-2017-7602.patch50
1 files changed, 0 insertions, 50 deletions
diff --git a/main/tiff/CVE-2017-7602.patch b/main/tiff/CVE-2017-7602.patch
deleted file mode 100644
index c0bc41ff90..0000000000
--- a/main/tiff/CVE-2017-7602.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Wed, 11 Jan 2017 16:33:34 +0000
-Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
- signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2650
-
----
- libtiff/tif_read.c | 27 ++++++++++++++++++---------
- 2 files changed, 24 insertions(+), 9 deletions(-)
-
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index 52bbf50..b7aacbd 100644
---- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
- return ((tmsize_t)(-1));
- }
- } else {
-- tmsize_t ma,mb;
-+ tmsize_t ma;
- tmsize_t n;
-- ma=(tmsize_t)td->td_stripoffset[strip];
-- mb=ma+size;
-- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
-- n=0;
-- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
-- n=tif->tif_size-ma;
-- else
-- n=size;
-+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
-+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
-+ {
-+ n=0;
-+ }
-+ else if( ma > TIFF_TMSIZE_T_MAX - size )
-+ {
-+ n=0;
-+ }
-+ else
-+ {
-+ tmsize_t mb=ma+size;
-+ if (mb>tif->tif_size)
-+ n=tif->tif_size-ma;
-+ else
-+ n=size;
-+ }
- if (n!=size) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,