import-layers/yocto-poky/meta/recipes-multimedia/libtiff/files/CVE-2017-7601.patch - openbmc/openbmc - Gitiles

 From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
 From: erouault <erouault>
 Date: Wed, 11 Jan 2017 16:13:50 +0000
 Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
  JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
  exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648

 Upstream-Status: Backport

 CVE: CVE-2017-7601
 Signed-off-by: Rajkumar Veer <rveer@mvista.com>
 Index: tiff-4.0.7/ChangeLog
 ===================================================================
 --- tiff-4.0.7.orig/ChangeLog	2017-04-25 18:21:32.856116417 +0530
 +++ tiff-4.0.7/ChangeLog	2017-04-25 18:35:31.904129477 +0530
 @@ -1,4 +1,3 @@
 -
  2017-01-12 Even Rouault <even.rouault at spatialys.com>

  	* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
 @@ -9,6 +8,12 @@

  2017-01-11 Even Rouault <even.rouault at spatialys.com>

 +	* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid
 +	undefined behaviour caused by invalid shift exponent.
 +	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
 +
 +2017-01-11 Even Rouault <even.rouault at spatialys.com>
 +
  	* libtiff/tif_dirread.c: avoid division by floating point 0 in
  	TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
  	and return 0 in that case (instead of infinity as before presumably)
 Index: tiff-4.0.7/libtiff/tif_jpeg.c
 ===================================================================
 --- tiff-4.0.7.orig/libtiff/tif_jpeg.c	2017-04-25 18:21:32.744116415 +0530
 +++ tiff-4.0.7/libtiff/tif_jpeg.c	2017-04-25 18:38:02.200131817 +0530
 @@ -1632,7 +1632,13 @@
                                     "Invalig horizontal/vertical sampling value");
                        return (0);
                  }
 -
 +                if( td->td_bitspersample > 16 )
 +                {
 +                    TIFFErrorExt(tif->tif_clientdata, module,
 +                                 "BitsPerSample %d not allowed for JPEG",
 +                                 td->td_bitspersample);
 +                    return (0);
 +                }
  		/*
  		 * A ReferenceBlackWhite field *must* be present since the
  		 * default value is inappropriate for YCbCr.  Fill in the
	From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
	From: erouault <erouault>
	Date: Wed, 11 Jan 2017 16:13:50 +0000
	Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
	JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
	exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648

	Upstream-Status: Backport

	CVE: CVE-2017-7601
	Signed-off-by: Rajkumar Veer <rveer@mvista.com>
	Index: tiff-4.0.7/ChangeLog
	===================================================================
	--- tiff-4.0.7.orig/ChangeLog 2017-04-25 18:21:32.856116417 +0530
	+++ tiff-4.0.7/ChangeLog 2017-04-25 18:35:31.904129477 +0530
	@@ -1,4 +1,3 @@
	-
	2017-01-12 Even Rouault <even.rouault at spatialys.com>

	* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
	@@ -9,6 +8,12 @@

	2017-01-11 Even Rouault <even.rouault at spatialys.com>

	+ * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid
	+ undefined behaviour caused by invalid shift exponent.
	+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
	+
	+2017-01-11 Even Rouault <even.rouault at spatialys.com>
	+
	* libtiff/tif_dirread.c: avoid division by floating point 0 in
	TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
	and return 0 in that case (instead of infinity as before presumably)
	Index: tiff-4.0.7/libtiff/tif_jpeg.c
	===================================================================
	--- tiff-4.0.7.orig/libtiff/tif_jpeg.c 2017-04-25 18:21:32.744116415 +0530
	+++ tiff-4.0.7/libtiff/tif_jpeg.c 2017-04-25 18:38:02.200131817 +0530
	@@ -1632,7 +1632,13 @@
	"Invalig horizontal/vertical sampling value");
	return (0);
	}
	-
	+ if( td->td_bitspersample > 16 )
	+ {
	+ TIFFErrorExt(tif->tif_clientdata, module,
	+ "BitsPerSample %d not allowed for JPEG",
	+ td->td_bitspersample);
	+ return (0);
	+ }
	/*
	* A ReferenceBlackWhite field must be present since the
	* default value is inappropriate for YCbCr. Fill in the