summaryrefslogtreecommitdiff
path: root/graphics/tiff/patches/patch-CVE-2018-17000
diff options
context:
space:
mode:
Diffstat (limited to 'graphics/tiff/patches/patch-CVE-2018-17000')
-rw-r--r--graphics/tiff/patches/patch-CVE-2018-1700026
1 files changed, 26 insertions, 0 deletions
diff --git a/graphics/tiff/patches/patch-CVE-2018-17000 b/graphics/tiff/patches/patch-CVE-2018-17000
new file mode 100644
index 00000000000..d42aaa01f3e
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2018-17000
@@ -0,0 +1,26 @@
+$NetBSD: patch-CVE-2018-17000,v 1.1.2.2 2019/07/18 13:32:31 bsiegert Exp $
+
+Fixes CVE-2018-17000
+
+Upstream commit:
+https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39.patch
+
+--- libtiff/tif_dirwrite.c.orig 2018-06-24 20:26:30.000000000 +0000
++++ libtiff/tif_dirwrite.c
+@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TI
+ n=3;
+ if (n==3)
+ {
+- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
++ if (tif->tif_dir.td_transferfunction[2] == NULL ||
++ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+ n=2;
+ }
+ if (n==2)
+ {
+- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
++ if (tif->tif_dir.td_transferfunction[1] == NULL ||
++ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+ n=1;
+ }
+ if (n==0)
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-17 11:15:35 +0000