diff options
Diffstat (limited to 'graphics/tiff/patches/patch-CVE-2018-8905')
-rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-8905 | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/graphics/tiff/patches/patch-CVE-2018-8905 b/graphics/tiff/patches/patch-CVE-2018-8905 deleted file mode 100644 index 5df66525568..00000000000 --- a/graphics/tiff/patches/patch-CVE-2018-8905 +++ /dev/null @@ -1,40 +0,0 @@ -$NetBSD: patch-CVE-2018-8905,v 1.1 2018/06/21 23:11:04 tez Exp $ - -fix CVE-2018-8905 from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d - - ---- libtiff/tif_lzw.c.orig 2017-07-11 13:27:35.000000000 +0000 -+++ libtiff/tif_lzw.c -@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t - char *tp; - unsigned char *bp; - int code, nbits; -+ int len; - long nextbits, nextdata, nbitsmask; - code_t *codep, *free_entp, *maxcodep, *oldcodep; - -@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t - } while (--occ); - break; - } -- assert(occ >= codep->length); -- op += codep->length; -- occ -= codep->length; -- tp = op; -+ len = codep->length; -+ tp = op + len; - do { -- *--tp = codep->value; -- } while( (codep = codep->next) != NULL ); -+ int t; -+ --tp; -+ t = codep->value; -+ codep = codep->next; -+ *tp = (char)t; -+ } while (codep && tp > op); -+ assert(occ >= len); -+ op += len; -+ occ -= len; - } else { - *op++ = (char)code; - occ--; |