diff options
author | drochner <drochner> | 2012-11-05 12:41:48 +0000 |
---|---|---|
committer | drochner <drochner> | 2012-11-05 12:41:48 +0000 |
commit | fa7ae901069b46a5112edcd19edc6243efba0675 (patch) | |
tree | eb18400398639fba22e2f1df6b261bcd6f598c57 /graphics/tiff/patches | |
parent | 880be7a757afddbcc2a5c0d12f5e881b89dc990c (diff) | |
download | pkgsrc-fa7ae901069b46a5112edcd19edc6243efba0675.tar.gz |
add patch from Redhat bug #871700 to fix a possible buffer overflow
due to integer overflow in the ppm2tiff cmd line tool (CVE-2012-4564)
bump PKGREV
Diffstat (limited to 'graphics/tiff/patches')
-rw-r--r-- | graphics/tiff/patches/patch-CVE-2012-4564 | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/graphics/tiff/patches/patch-CVE-2012-4564 b/graphics/tiff/patches/patch-CVE-2012-4564 new file mode 100644 index 00000000000..fe5a551ac75 --- /dev/null +++ b/graphics/tiff/patches/patch-CVE-2012-4564 @@ -0,0 +1,33 @@ +$NetBSD: patch-CVE-2012-4564,v 1.1 2012/11/05 12:41:48 drochner Exp $ + +see https://bugzilla.redhat.com/show_bug.cgi?id=871700 + +--- tools/ppm2tiff.c.orig 2010-04-10 19:22:34.000000000 +0000 ++++ tools/ppm2tiff.c +@@ -89,6 +89,7 @@ main(int argc, char* argv[]) + int c; + extern int optind; + extern char* optarg; ++ tmsize_t scanline_size; + + if (argc < 2) { + fprintf(stderr, "%s: Too few arguments\n", argv[0]); +@@ -237,8 +238,16 @@ main(int argc, char* argv[]) + } + if (TIFFScanlineSize(out) > linebytes) + buf = (unsigned char *)_TIFFmalloc(linebytes); +- else +- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ else { ++ scanline_size = TIFFScanlineSize(out); ++ if (scanline_size != 0) ++ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ else { ++ fprintf(stderr, "%s: scanline size overflow\n",infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ } + if (resolution > 0) { + TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); + TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); |