From bd4aeefe33e63f613512604e47bfca7b2187697d Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sun, 3 Nov 2019 16:06:58 +0000
Subject: gentoo resync : 03.11.2019

---
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 33 ----------------------
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 26 -----------------
 2 files changed, 59 deletions(-)
 delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
 delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch

(limited to 'media-libs/tiff/files')

diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index a45ee342f779..000000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://codereview.chromium.org/2284063002
-https://crbug.com/618267
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: tracy_jiang <tracy_jiang@foxitsoftware.com>
-Date:   Mon Aug 29 13:42:56 2016 -0700
-
-Fix for #618267. Adding a method to determine if multiplication has
-overflow.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- 	/*
- 	 * XXX: Check for integer overflow.
- 	 */
--	if (nmemb && elem_size && bytes / elem_size == nmemb)
-+	if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- 		cp = _TIFFrealloc(buffer, bytes);
- 
- 	if (cp == NULL) {
---- a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
- #define _TIFF_off_t off_t
- #endif
- 
-+#include <limits.h>
-+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif
diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index 35f59b9bffd9..000000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://codereview.chromium.org/2405693002
-https://crbug.com/654169
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: stackexploit <stackexploit@gmail.com>
-Date:   Mon Oct 10 10:58:25 2016 -0700
-
-libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
-
-The patch (https://codereview.chromium.org/2284063002) for Issue 618267
-was insufficient. The integer overflow still could be triggered and could
-lead to heap buffer overflow.
-
-This CL strengthens integer overflow check in function _TIFFCheckRealloc.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- 	/*
- 	 * XXX: Check for integer overflow.
- 	 */
--	if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
-+	if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- 		cp = _TIFFrealloc(buffer, bytes);
- 
- 	if (cp == NULL) {
-- 
cgit v1.2.3