From f1bc537f089cc8477a9a18db597cb349e1b00e91 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 16 Jun 2018 05:02:38 +0100 Subject: gentoo resync : 16.06.2018 --- ....0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch | 20 ----- ...iff-4.0.7-pdfium-0007-uninitialized-value.patch | 26 ------ ...-4.0.7-pdfium-0013-validate-refblackwhite.patch | 42 ---------- ....7-pdfium-0017-safe_skews_in_gtTileContig.patch | 97 ---------------------- ...ium-0018-fix-leak-in-PredictorSetupDecode.patch | 27 ------ .../tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch | 29 ------- 6 files changed, 241 deletions(-) delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch (limited to 'media-libs/tiff/files') diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch deleted file mode 100644 index afb0151f9632..000000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch +++ /dev/null @@ -1,20 +0,0 @@ -https://codereview.chromium.org/2204793002 -https://crbug.com/633387 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: thestig -Date: Mon Aug 1 19:36:27 2016 -0700 - -Fix a memory leak in libtiff. - ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp) - static const char module[] = "TIFFFetchStripThing"; - enum TIFFReadDirEntryErr err; - uint64* data; -+ _TIFFfree(*lpp); -+ *lpp = 0; - err=TIFFReadDirEntryLong8Array(tif,dir,&data); - if (err!=TIFFReadDirEntryErrOk) - { diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch deleted file mode 100644 index ab5627f5c169..000000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch +++ /dev/null @@ -1,26 +0,0 @@ -https://codereview.chromium.org/2389993002 -https://crbug.com/651632 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: dsinclair -Date: Mon Oct 3 13:59:57 2016 -0700 - -Fix potentially uninitialized value. - -Depending on what ReadOK does it's possible for |dircount16| to be used without -being initialized. The read code calls back into PDFium specific code which then -calls into the stream reading code. - -Initialize the value to be sure it is set. - ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, - static const char module[] = "TIFFFetchDirectory"; - - void* origdir; -- uint16 dircount16; -+ uint16 dircount16 = 0; - uint32 dirsize; - TIFFDirEntry* dir; - uint8* ma; diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch deleted file mode 100644 index d98ff9d0f252..000000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch +++ /dev/null @@ -1,42 +0,0 @@ -https://pdfium-review.googlesource.com/2151 -https://crbug.com/632883 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: Dan Sinclair -Date: Mon Jan 9 09:50:50 2017 -0500 - -[libtiff] Validate refblackwhite values - -The td_refblackwhite value is currently assigned without validation. This -may pose an issue as the image can specify the value as nan. This will cause -problems later when we use the nan in calcluations. - -This CL validates each of the float values are not nan and if they are sets -them to the default provided by the TIFF spec v6. - ---- a/libtiff/tif_dir.c -+++ b/libtiff/tif_dir.c -@@ -31,6 +31,7 @@ - * (and also some miscellaneous stuff) - */ - #include "tiffiop.h" -+#include - #include - - /* -@@ -426,6 +426,15 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) - case TIFFTAG_REFERENCEBLACKWHITE: - /* XXX should check for null range */ - _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6); -+ int i; -+ for (i = 0; i < 6; i++) { -+ if (isnan(td->td_refblackwhite[i])) { -+ if (i % 2 == 0) -+ td->td_refblackwhite[i] = 0; -+ else -+ td->td_refblackwhite[i] = pow(2, td->td_bitspersample) - 1; -+ } -+ } - break; - case TIFFTAG_INKNAMES: - v = (uint16) va_arg(ap, uint16_vap); diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch deleted file mode 100644 index 7914743393ff..000000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch +++ /dev/null @@ -1,97 +0,0 @@ -https://pdfium-review.googlesource.com/2355 -https://crbug.com/681300 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: Nicolas Pena -Date: Wed Jan 25 10:41:06 2017 -0500 - -Prevent skew overflows in gtTileContig - -Using int64 to check whether uint32 operations have overflowed. - ---- a/libtiff/tif_getimage.c -+++ b/libtiff/tif_getimage.c -@@ -31,6 +31,7 @@ - */ - #include "tiffiop.h" - #include -+#include - - static int gtTileContig(TIFFRGBAImage*, uint32*, uint32, uint32); - static int gtTileSeparate(TIFFRGBAImage*, uint32*, uint32, uint32); -@@ -629,6 +628,7 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) - uint32 tw, th; - unsigned char* buf; - int32 fromskew, toskew; -+ int64 safeskew; - uint32 nrow; - int ret = 1, flip; - uint32 this_tw, tocol; -@@ -649,19 +647,37 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) - flip = setorientation(img); - if (flip & FLIP_VERTICALLY) { - y = h - 1; -- toskew = -(int32)(tw + w); -+ safeskew = 0; -+ safeskew -= tw; -+ safeskew -= w; - } - else { - y = 0; -- toskew = -(int32)(tw - w); -+ safeskew = 0; -+ safeskew -= tw; -+ safeskew +=w; - } - -+ if(safeskew > INT_MAX || safeskew < INT_MIN){ -+ _TIFFfree(buf); -+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "Invalid skew"); -+ return (0); -+ } -+ toskew = safeskew; -+ - /* - * Leftmost tile is clipped on left side if col_offset > 0. - */ - leftmost_fromskew = img->col_offset % tw; - leftmost_tw = tw - leftmost_fromskew; -- leftmost_toskew = toskew + leftmost_fromskew; -+ safeskew = toskew; -+ safeskew += leftmost_fromskew; -+ if(safeskew > INT_MAX || safeskew < INT_MIN){ -+ _TIFFfree(buf); -+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "Invalid skew"); -+ return (0); -+ } -+ leftmost_toskew = safeskew; - for (row = 0; row < h; row += nrow) - { - rowstoread = th - (row + img->row_offset) % th; -@@ -704,9 +684,24 @@ gtTileContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) - /* - * Rightmost tile is clipped on right side. - */ -- fromskew = tw - (w - tocol); -+ safeskew = tw; -+ safeskew -= w; -+ safeskew += tocol; -+ if(safeskew > INT_MAX || safeskew < INT_MIN){ -+ _TIFFfree(buf); -+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "Invalid skew"); -+ return (0); -+ } -+ fromskew = safeskew; - this_tw = tw - fromskew; -- this_toskew = toskew + fromskew; -+ safeskew = toskew; -+ safeskew += fromskew; -+ if(safeskew > INT_MAX || safeskew < INT_MIN){ -+ _TIFFfree(buf); -+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "Invalid skew"); -+ return (0); -+ } -+ this_toskew = safeskew; - } - (*put)(img, raster+y*w+tocol, tocol, y, this_tw, nrow, fromskew, this_toskew, buf + pos); - tocol += this_tw; diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch deleted file mode 100644 index b74ddc5c499c..000000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch +++ /dev/null @@ -1,27 +0,0 @@ -https://pdfium-review.googlesource.com/2432 -https://crbug.com/683834 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: Nicolas Pena -Date: Thu Jan 26 15:45:02 2017 -0500 - -Fix leak in PredictorSetupDecode by calling tif_cleanup on failure - -tif_data and tif_cleanup are both set on the TIFFInit methods, see for -instance TIFFInitPixarLog. If PredictorSetupDecode fails, whatever was -filled on tif_data should be cleaned up. The previous leak fix from -PixarLogSetupDecode is no longer necessary. - ---- a/libtiff/tif_predict.c -+++ b/libtiff/tif_predict.c -@@ -118,7 +118,10 @@ PredictorSetupDecode(TIFF* tif) - TIFFDirectory* td = &tif->tif_dir; - - if (!(*sp->setupdecode)(tif) || !PredictorSetup(tif)) -+ { -+ (*tif->tif_cleanup)(tif); - return 0; -+ } - - if (sp->predictor == 2) { - switch (td->td_bitspersample) { diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch deleted file mode 100644 index 11975cf38acf..000000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch +++ /dev/null @@ -1,29 +0,0 @@ -https://pdfium-review.googlesource.com/3811 -https://crbug.com/707431 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: Nicolas Pena -Date: Wed Apr 5 15:50:53 2017 -0400 - -Libtiff: Prevent OOM in TIFFFillStrip - -In TIFFFillStrip, calls to TIFFReadBufferSetup may allocate large amounts of -memory. In this CL we do sanity checks on the claimed size of the raw strip -data before that happens, to prevent out-of-memory. - ---- a/libtiff/tif_read.c -+++ b/libtiff/tif_read.c -@@ -616,6 +616,13 @@ TIFFFillStrip(TIFF* tif, uint32 strip) - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); - return(0); - } -+ const tmsize_t size=isMapped(tif)? tif->tif_size : (tmsize_t)TIFFGetFileSize(tif); -+ if (bytecountm > size) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Requested read strip size %lu is too large", -+ (unsigned long) strip); -+ return (0); -+ } - if (bytecountm > tif->tif_rawdatasize) { - tif->tif_curstrip = NOSTRIP; - if ((tif->tif_flags & TIFF_MYBUFFER) == 0) { -- cgit v1.2.3