diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch new file mode 100644 index 0000000000..71eba2f34e --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch @@ -0,0 +1,46 @@ +CVE: CVE-2023-6277 +Upstream-Status: Backport [upstream : https://gitlab.com/libtiff/libtiff/-/commit/de7bfd7d4377c266f81849579f696fa1ad5ba6c3 +ubuntu : http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz ] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +Backport of: + +From de7bfd7d4377c266f81849579f696fa1ad5ba6c3 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 31 Oct 2023 20:13:45 +0100 +Subject: [PATCH] TIFFFetchDirectory(): remove useless allocsize vs filesize + check + +CoverityScan rightly points that the max value for dircount16 * dirsize +is 4096 * 20. That's small enough not to do any check +--- + libtiff/tif_dirread.c | 18 ------------------ + 1 file changed, 18 deletions(-) + +--- tiff-4.3.0.orig/libtiff/tif_dirread.c ++++ tiff-4.3.0/libtiff/tif_dirread.c +@@ -4949,24 +4949,6 @@ TIFFFetchDirectory(TIFF* tif, uint64_t d + dircount16 = (uint16_t)dircount64; + dirsize = 20; + } +- const uint64_t allocsize = (uint64_t)dircount16 * dirsize; +- if (allocsize > 100 * 1024 * 1024) +- { +- /* Before allocating a huge amount of memory for corrupted files, +- * check if size of requested memory is not greater than file size. +- */ +- const uint64_t filesize = TIFFGetFileSize(tif); +- if (allocsize > filesize) +- { +- TIFFWarningExt( +- tif->tif_clientdata, module, +- "Requested memory size for TIFF directory of %" PRIu64 +- " is greater than filesize %" PRIu64 +- ". Memory not allocated, TIFF directory not read", +- allocsize, filesize); +- return 0; +- } +- } + origdir = _TIFFCheckMalloc(tif, dircount16, + dirsize, "to read TIFF directory"); + if (origdir == NULL) |