diff options
Diffstat (limited to 'media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch')
-rw-r--r-- | media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch b/media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch deleted file mode 100644 index 321c6a428afa..000000000000 --- a/media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://crbug.com/901306 - -commit 802d3cbf3043be5dce5317e140ccb1c17a6a2d39 -Author: Thomas Bernard <miniupnp@free.fr> -Date: Tue Jan 29 11:21:47 2019 +0100 - - TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing - - http://bugzilla.maptools.org/show_bug.cgi?id=2833 - - we must check the pointer is not NULL before memcmp() the memory - -diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c -index c15a28dbd8fcb99b81fa5a1d44fcbcda881f42a7..ef30c869d30e210d90be16ce91f44087925fbad3 100644 ---- a/libtiff/tif_dirwrite.c -+++ b/libtiff/tif_dirwrite.c -@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TIFF* tif, uint32* ndir, TIFFDirEntry* dir - n=3; - if (n==3) - { -- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) -+ if (tif->tif_dir.td_transferfunction[2] == NULL || -+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) - n=2; - } - if (n==2) - { -- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) -+ if (tif->tif_dir.td_transferfunction[1] == NULL || -+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) - n=1; - } - if (n==0) |