1 files changed, 0 insertions, 37 deletions

diff --git a/graphics/tiff/patches/patch-bc b/graphics/tiff/patches/patch-bc
deleted file mode 100644
index 64998563e4f..00000000000
--- a/graphics/tiff/patches/patch-bc
+++ /dev/null
@@ -1,37 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2006/08/02 15:42:25 salo Exp $
-
-Security fix for SA21304.
-
---- libtiff/tif_read.c.orig	2005-12-21 13:33:56.000000000 +0100
-+++ libtiff/tif_read.c	2006-08-02 17:18:41.000000000 +0200
-@@ -272,7 +272,13 @@ TIFFFillStrip(TIFF* tif, tstrip_t strip)
- 		if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata)
- 			_TIFFfree(tif->tif_rawdata);
- 		tif->tif_flags &= ~TIFF_MYBUFFER;
--		if ( td->td_stripoffset[strip] + bytecount > tif->tif_size) {
-+		/*
-+		 * This sanity check could potentially overflow, causing an OOB read.
-+		 * verify that offset + bytecount is > offset.
-+		 * -- taviso@google.com 14 Jun 2006
-+		 */
-+		if ( td->td_stripoffset[strip] + bytecount > tif->tif_size ||
-+			(td->td_stripoffset[strip] + bytecount) < td->td_stripoffset[strip]) {
- 			/*
- 			 * This error message might seem strange, but it's
- 			 * what would happen if a read were done instead.
-@@ -470,7 +476,14 @@ TIFFFillTile(TIFF* tif, ttile_t tile)
- 		if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata)
- 			_TIFFfree(tif->tif_rawdata);
- 		tif->tif_flags &= ~TIFF_MYBUFFER;
--		if ( td->td_stripoffset[tile] + bytecount > tif->tif_size) {
-+		/*
-+		 * We must check this calculation doesnt overflow, potentially
-+		 * causing an OOB read.
-+		 * -- taviso@google.com 15 Jun 2006
-+		 */
-+		if ( td->td_stripoffset[tile] + bytecount > tif->tif_size ||
-+			(td->td_stripoffset[tile] + bytecount) < 
-+				td->td_stripoffset[tile]) {
- 			tif->tif_curtile = NOTILE;
- 			return (0);
- 		}