Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 169d7bccc02da43f8574d030502cfcf9308f505f / . / poky / meta / recipes-multimedia / libtiff / tiff / CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch
blob: 9fc8182fef387c6cf8a32c0cb32bd212e5a1d3f0 [file] [log] [blame]
From f500facf7723f1cae725dd288b2daad15e45131c Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Mon, 30 Oct 2023 21:21:57 +0100
Subject: [PATCH 2/3] At image reading, compare data size of some tags / data
structures (StripByteCounts, StripOffsets, StripArray, TIFF directory) with
file size to prevent provoked out-of-memory attacks.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
See issue #614.
Correct declaration of filesize shadows a previous local.
CVE: CVE-2023-6277
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/merge_requests/545]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
libtiff/tif_dirread.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index c52d41f..fe8d6f8 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5305,7 +5305,6 @@ static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir,
if (td->td_compression != COMPRESSION_NONE)
{
uint64_t space;
- uint64_t filesize;
uint16_t n;
filesize = TIFFGetFileSize(tif);
if (!(tif->tif_flags & TIFF_BIGTIFF))
--
2.43.0