1 files changed, 0 insertions, 105 deletions

diff --git a/main/tiff/CVE-2019-17546.patch b/main/tiff/CVE-2019-17546.patch
deleted file mode 100644
index c04f0a34281..00000000000
--- a/main/tiff/CVE-2019-17546.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 4bb584a35f87af42d6cf09d15e9ce8909a839145 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Thu, 15 Aug 2019 15:05:28 +0200
-Subject: [PATCH] RGBA interface: fix integer overflow potentially causing
- write heap buffer overflow, especially on 32 bit builds. Fixes
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to OSS
- Fuzz
-
----
- libtiff/tif_getimage.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index c88b5fa6..4da785d3 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -949,16 +949,23 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
- 	fromskew = (w < imagewidth ? imagewidth - w : 0);
- 	for (row = 0; row < h; row += nrow)
- 	{
-+		uint32 temp;
- 		rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
- 		nrow = (row + rowstoread > h ? h - row : rowstoread);
- 		nrowsub = nrow;
- 		if ((nrowsub%subsamplingver)!=0)
- 			nrowsub+=subsamplingver-nrowsub%subsamplingver;
-+		temp = (row + img->row_offset)%rowsperstrip + nrowsub;
-+		if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) )
-+		{
-+			TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripContig");
-+			return 0;
-+		}
- 		if (_TIFFReadEncodedStripAndAllocBuffer(tif,
- 		    TIFFComputeStrip(tif,row+img->row_offset, 0),
- 		    (void**)(&buf),
-                     maxstripsize,
--		    ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1)
-+		    temp * scanline)==(tmsize_t)(-1)
- 		    && (buf == NULL || img->stoponerr))
- 		{
- 			ret = 0;
-@@ -1051,15 +1058,22 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
- 	fromskew = (w < imagewidth ? imagewidth - w : 0);
- 	for (row = 0; row < h; row += nrow)
- 	{
-+                uint32 temp;
- 		rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
- 		nrow = (row + rowstoread > h ? h - row : rowstoread);
- 		offset_row = row + img->row_offset;
-+                temp = (row + img->row_offset)%rowsperstrip + nrow;
-+                if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) )
-+                {
-+                        TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripSeparate");
-+                        return 0;
-+                }
-                 if( buf == NULL )
-                 {
-                     if (_TIFFReadEncodedStripAndAllocBuffer(
-                             tif, TIFFComputeStrip(tif, offset_row, 0),
-                             (void**) &buf, bufsize,
--                            ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
-+                            temp * scanline)==(tmsize_t)(-1)
-                         && (buf == NULL || img->stoponerr))
-                     {
-                             ret = 0;
-@@ -1079,7 +1093,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
-                     }
-                 }
- 		else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0),
--		    p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
-+		    p0, temp * scanline)==(tmsize_t)(-1)
- 		    && img->stoponerr)
- 		{
- 			ret = 0;
-@@ -1087,7 +1101,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
- 		}
- 		if (colorchannels > 1 
-                     && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1),
--                                            p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1)
-+                                            p1, temp * scanline) == (tmsize_t)(-1)
- 		    && img->stoponerr)
- 		{
- 			ret = 0;
-@@ -1095,7 +1109,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
- 		}
- 		if (colorchannels > 1 
-                     && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2),
--                                            p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1)
-+                                            p2, temp * scanline) == (tmsize_t)(-1)
- 		    && img->stoponerr)
- 		{
- 			ret = 0;
-@@ -1104,7 +1118,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
- 		if (alpha)
- 		{
- 			if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels),
--			    pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
-+			    pa, temp * scanline)==(tmsize_t)(-1)
- 			    && img->stoponerr)
- 			{
- 				ret = 0;
--- 
-2.22.0
-
-