mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-26 14:28:15 -05:00
8e28d22c91
* gnu/packages/patches/libtiff-CVE-2012-4564.patch, gnu/packages/patches/libtiff-CVE-2013-1960.patch, gnu/packages/patches/libtiff-CVE-2013-1961.patch, gnu/packages/patches/libtiff-CVE-2013-4231.patch, gnu/packages/patches/libtiff-CVE-2013-4232.patch, gnu/packages/patches/libtiff-CVE-2013-4243.patch, gnu/packages/patches/libtiff-CVE-2013-4244.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch, gnu/packages/patches/libtiff-CVE-2014-8129.patch, gnu/packages/patches/libtiff-CVE-2014-9330.patch, gnu/packages/patches/libtiff-CVE-2014-9655.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[source]: Add patches.
77 lines
2.1 KiB
Diff
77 lines
2.1 KiB
Diff
Copied from Debian
|
|
|
|
Picked from CVE: diff -u -r1.14 -r1.15
|
|
http://bugzilla.maptools.org/show_bug.cgi?id=2501
|
|
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
|
|
--- tiff-4.0.3.orig/tools/tiffdither.c
|
|
+++ tiff-4.0.3/tools/tiffdither.c
|
|
@@ -39,6 +39,7 @@
|
|
#endif
|
|
|
|
#include "tiffio.h"
|
|
+#include "tiffiop.h"
|
|
|
|
#define streq(a,b) (strcmp(a,b) == 0)
|
|
#define strneq(a,b,n) (strncmp(a,b,n) == 0)
|
|
@@ -56,7 +57,7 @@ static void usage(void);
|
|
* Floyd-Steinberg error propragation with threshold.
|
|
* This code is stolen from tiffmedian.
|
|
*/
|
|
-static void
|
|
+static int
|
|
fsdither(TIFF* in, TIFF* out)
|
|
{
|
|
unsigned char *outline, *inputline, *inptr;
|
|
@@ -68,14 +69,19 @@ fsdither(TIFF* in, TIFF* out)
|
|
int lastline, lastpixel;
|
|
int bit;
|
|
tsize_t outlinesize;
|
|
+ int errcode = 0;
|
|
|
|
imax = imagelength - 1;
|
|
jmax = imagewidth - 1;
|
|
inputline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in));
|
|
- thisline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
|
|
- nextline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
|
|
+ thisline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
|
|
+ nextline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
|
|
outlinesize = TIFFScanlineSize(out);
|
|
outline = (unsigned char *) _TIFFmalloc(outlinesize);
|
|
+ if (! (inputline && thisline && nextline && outline)) {
|
|
+ fprintf(stderr, "Out of memory.\n");
|
|
+ goto skip_on_error;
|
|
+ }
|
|
|
|
/*
|
|
* Get first line
|
|
@@ -93,7 +99,7 @@ fsdither(TIFF* in, TIFF* out)
|
|
nextline = tmpptr;
|
|
lastline = (i == imax);
|
|
if (TIFFReadScanline(in, inputline, i, 0) <= 0)
|
|
- break;
|
|
+ goto skip_on_error;
|
|
inptr = inputline;
|
|
nextptr = nextline;
|
|
for (j = 0; j < imagewidth; ++j)
|
|
@@ -131,13 +137,18 @@ fsdither(TIFF* in, TIFF* out)
|
|
}
|
|
}
|
|
if (TIFFWriteScanline(out, outline, i-1, 0) < 0)
|
|
- break;
|
|
+ goto skip_on_error;
|
|
}
|
|
+ goto exit_label;
|
|
+
|
|
skip_on_error:
|
|
+ errcode = 1;
|
|
+ exit_label:
|
|
_TIFFfree(inputline);
|
|
_TIFFfree(thisline);
|
|
_TIFFfree(nextline);
|
|
_TIFFfree(outline);
|
|
+ return errcode;
|
|
}
|
|
|
|
static uint16 compression = COMPRESSION_PACKBITS;
|