Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Samuli Suominen (ssuominen)" <ssuominen@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in media-libs/tiff/files: tiff-4.0.1-CVE-2012-1173.patch tiff-3.9.5-CVE-2012-1173.patch
Date: Fri, 06 Apr 2012 17:39:31
Message-Id: 20120406173921.80C4B2004C@flycatcher.gentoo.org
1 ssuominen 12/04/06 17:39:21
2
3 Added: tiff-4.0.1-CVE-2012-1173.patch
4 tiff-3.9.5-CVE-2012-1173.patch
5 Log:
6 Upstream patch for CVE-2012-1173 wrt #410931 by Agostino Sarubbo
7
8 (Portage version: 2.2.0_alpha99/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.1 media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch?rev=1.1&content-type=text/plain
15
16 Index: tiff-4.0.1-CVE-2012-1173.patch
17 ===================================================================
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v
21 retrieving revision 1.877
22 diff -r1.877 ChangeLog
23 0a1,5
24 > 2012-03-30 Frank Warmerdam <warmerdam@××××××.com>
25 >
26 > * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173)
27 > care of Tom Lane @ Red Hat.
28 >
29 Index: libtiff/tif_getimage.c
30 ===================================================================
31 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v
32 retrieving revision 1.78
33 diff -r1.78 tif_getimage.c
34 694a695
35 > tmsize_t bufsize;
36 702c703,708
37 < buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
38 ---
39 > bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
40 > if (bufsize == 0) {
41 > TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
42 > return (0);
43 > }
44 > buf = (unsigned char*) _TIFFmalloc(bufsize);
45 707c713
46 < _TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
47 ---
48 > _TIFFmemset(buf, 0, bufsize);
49 919a926
50 > tmsize_t bufsize;
51 925c932,937
52 < p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
53 ---
54 > bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
55 > if (bufsize == 0) {
56 > TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
57 > return (0);
58 > }
59 > p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
60 930c942
61 < _TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
62 ---
63 > _TIFFmemset(buf, 0, bufsize);
64 Index: libtiff/tiffiop.h
65 ===================================================================
66 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
67 retrieving revision 1.82
68 diff -r1.82 tiffiop.h
69 253c253
70 < #define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
71 ---
72 > #define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
73
74
75
76 1.1 media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch
77
78 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch?rev=1.1&view=markup
79 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch?rev=1.1&content-type=text/plain
80
81 Index: tiff-3.9.5-CVE-2012-1173.patch
82 ===================================================================
83 Index: ChangeLog
84 ===================================================================
85 RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v
86 retrieving revision 1.602.2.141
87 diff -r1.602.2.141 ChangeLog
88 0a1,6
89 > 2012-03-30 Frank Warmerdam <warmerdam@××××××.com>
90 >
91 > * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173)
92 > care of Tom Lane @ Red Hat.
93 >
94 >
95 Index: libtiff/tif_getimage.c
96 ===================================================================
97 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v
98 retrieving revision 1.63.2.6
99 diff -r1.63.2.6 tif_getimage.c
100 675a676
101 > tsize_t bufsize;
102 682c683,688
103 < buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
104 ---
105 > bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize);
106 > if (bufsize == 0) {
107 > TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
108 > return (0);
109 > }
110 > buf = (unsigned char*) _TIFFmalloc(bufsize);
111 687c693
112 < _TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
113 ---
114 > _TIFFmemset(buf, 0, bufsize);
115 882a889
116 > tsize_t bufsize;
117 888c895,900
118 < p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
119 ---
120 > bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize);
121 > if (bufsize == 0) {
122 > TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
123 > return (0);
124 > }
125 > p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
126 893c905
127 < _TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
128 ---
129 > _TIFFmemset(buf, 0, bufsize);
130 Index: libtiff/tiffiop.h
131 ===================================================================
132 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
133 retrieving revision 1.51.2.7
134 diff -r1.51.2.7 tiffiop.h
135 249c249
136 < #define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
137 ---
138 > #define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
Report Message
Find on MARC Find on Google Groups