diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch new file mode 100644 index 0000000000..5232eacb50 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2020-35524-1.patch @@ -0,0 +1,42 @@ +From c6a12721b46f1a72974f91177890301730d7b330 Mon Sep 17 00:00:00 2001 +From: Thomas Bernard <miniupnp@free.fr> +Date: Tue, 10 Nov 2020 01:01:59 +0100 +Subject: [PATCH] tiff2pdf.c: properly calculate datasize when saving to JPEG + YCbCr + +fixes #220 +Upstream-Status: Backport +https://gitlab.com/libtiff/libtiff/-/commit/c6a12721b46f1a72974f91177890301730d7b330 +https://gitlab.com/libtiff/libtiff/-/merge_requests/159/commits +CVE: CVE-2021-35524 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + tools/tiff2pdf.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index 719811ea..dc69d2f9 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -2087,9 +2087,14 @@ void t2p_read_tiff_size(T2P* t2p, TIFF* input){ + #endif + (void) 0; + } +- k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); +- if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ +- k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); ++ if(t2p->pdf_compression == T2P_COMPRESS_JPEG ++ && t2p->tiff_photometric == PHOTOMETRIC_YCBCR) { ++ k = checkMultiply64(TIFFNumberOfStrips(input), TIFFStripSize(input), t2p); ++ } else { ++ k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p); ++ if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){ ++ k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p); ++ } + } + if (k == 0) { + /* Assume we had overflow inside TIFFScanlineSize */ +-- +GitLab + |