1
0
forked from brl/citadel
citadel/poky/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch

55 lines
1.8 KiB
Diff

From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 23 Aug 2017 13:21:41 +0000
Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
finding the SubIFD tag by runtime check. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337
Upstream-Status: Backport
[https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e]
CVE: CVE-2017-13726
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
ChangeLog | 7 +++++++
libtiff/tif_dirwrite.c | 7 ++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 6980da8..3e299d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-08-23 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_dirwrite.c: replace assertion related to not finding the
+ SubIFD tag by runtime check.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
+ Reported by team OWL337
+
2017-07-15 Even Rouault <even.rouault at spatialys.com>
* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 8d6686b..14090ae 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
TIFFDirEntry* nb;
for (na=0, nb=dir; ; na++, nb++)
{
- assert(na<ndir);
+ if( na == ndir )
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,
+ "Cannot find SubIFD tag");
+ goto bad;
+ }
if (nb->tdir_tag==TIFFTAG_SUBIFD)
break;
}
--
2.7.4