import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch - openbmc/openbmc - Gitiles

 From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Wed, 23 Aug 2017 13:21:41 +0000
 Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
  finding the SubIFD tag by runtime check. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337

 Upstream-Status: Backport
 [https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e]

 CVE: CVE-2017-13726

 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
  ChangeLog              | 7 +++++++
  libtiff/tif_dirwrite.c | 7 ++++++-
  2 files changed, 13 insertions(+), 1 deletion(-)

 diff --git a/ChangeLog b/ChangeLog
 index 6980da8..3e299d9 100644
 --- a/ChangeLog
 +++ b/ChangeLog
 @@ -1,3 +1,10 @@
 +2017-08-23  Even Rouault <even.rouault at spatialys.com>
 +
 +	* libtiff/tif_dirwrite.c: replace assertion related to not finding the
 +	SubIFD tag by runtime check.
 +	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
 +	Reported by team OWL337
 +
  2017-07-15  Even Rouault <even.rouault at spatialys.com>

  	* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
 diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
 index 8d6686b..14090ae 100644
 --- a/libtiff/tif_dirwrite.c
 +++ b/libtiff/tif_dirwrite.c
 @@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
  			TIFFDirEntry* nb;
  			for (na=0, nb=dir; ; na++, nb++)
  			{
 -				assert(na<ndir);
 +				if( na == ndir )
 +                                {
 +                                    TIFFErrorExt(tif->tif_clientdata,module,
 +                                                 "Cannot find SubIFD tag");
 +                                    goto bad;
 +                                }
  				if (nb->tdir_tag==TIFFTAG_SUBIFD)
  					break;
  			}
 --
 2.7.4
	From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001
	From: Even Rouault <even.rouault@spatialys.com>
	Date: Wed, 23 Aug 2017 13:21:41 +0000
	Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
	finding the SubIFD tag by runtime check. Fixes
	http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337

	Upstream-Status: Backport
	[https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e]

	CVE: CVE-2017-13726

	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	---
	ChangeLog \| 7 +++++++
	libtiff/tif_dirwrite.c \| 7 ++++++-
	2 files changed, 13 insertions(+), 1 deletion(-)

	diff --git a/ChangeLog b/ChangeLog
	index 6980da8..3e299d9 100644
	--- a/ChangeLog
	+++ b/ChangeLog
	@@ -1,3 +1,10 @@
	+2017-08-23 Even Rouault <even.rouault at spatialys.com>
	+
	+ * libtiff/tif_dirwrite.c: replace assertion related to not finding the
	+ SubIFD tag by runtime check.
	+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
	+ Reported by team OWL337
	+
	2017-07-15 Even Rouault <even.rouault at spatialys.com>

	* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
	diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
	index 8d6686b..14090ae 100644
	--- a/libtiff/tif_dirwrite.c
	+++ b/libtiff/tif_dirwrite.c
	@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
	TIFFDirEntry* nb;
	for (na=0, nb=dir; ; na++, nb++)
	{
	- assert(na<ndir);
	+ if( na == ndir )
	+ {
	+ TIFFErrorExt(tif->tif_clientdata,module,
	+ "Cannot find SubIFD tag");
	+ goto bad;
	+ }
	if (nb->tdir_tag==TIFFTAG_SUBIFD)
	break;
	}
	--
	2.7.4