Diffstat (limited to 'graphics/tiff/patches/patch-SA43593')
-rw-r--r--graphics/tiff/patches/patch-SA4359320
1 files changed, 20 insertions, 0 deletions
diff --git a/graphics/tiff/patches/patch-SA43593 b/graphics/tiff/patches/patch-SA43593
new file mode 100644
index 00000000000..76a5f913b04
--- /dev/null
+++ b/graphics/tiff/patches/patch-SA43593
@@ -0,0 +1,20 @@
+$NetBSD: patch-SA43593,v 1.1.2.2 2011/03/13 21:10:19 sbd Exp $
+
+Fix heap-based buffer overflow which causes the vulnerability reported
+in SA43593. Patch taken from the "libtiff" CVS repository.
+
+--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
++++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
+@@ -478,6 +478,12 @@
+ break; \
+ case S_VL: \
+ CHECK_b1; \
++ if (b1 <= (int) (a0 + TabEnt->Param)) { \
++ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
++ unexpected("VL", a0); \
++ goto eol2d; \
++ } \
++ } \
+ SETVALUE(b1 - a0 - TabEnt->Param); \
+ b1 -= *--pb; \
+ break; \
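Review bot: The new guard inserted after `CHECK_b1` in the S_VL case carries no comment saying what it prevents, although the description at the top of the patch file is the only record that it closes a heap overflow; from the code, the point is that without it `SETVALUE(b1 - a0 - TabEnt->Param)` on the next line could be handed a zero or negative run length, so a line such as `/* SETVALUE must never see a negative run; a zero-length run is only tolerated at the start of a row (pa == thisrun) */` would document the intent. The two nested `if`s could be collapsed into the single condition `if (b1 < (int) (a0 + TabEnt->Param) || (b1 == (int) (a0 + TabEnt->Param) && pa != thisrun)) { unexpected("VL", a0); goto eol2d; }`, which states the one accepted exception directly. Why a zero-length run is acceptable only while `pa == thisrun` is inferred from the test itself and should be confirmed against the upstream change. The macro body this hunk patches starts and ends outside the hunk, so whether the sibling cases of the same switch receive an equivalent bound check is not visible here.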