diff options
Diffstat (limited to 'libtiff-CVE-2016-10271_10272.patch')
-rw-r--r-- | libtiff-CVE-2016-10271_10272.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/libtiff-CVE-2016-10271_10272.patch b/libtiff-CVE-2016-10271_10272.patch new file mode 100644 index 000000000000..4b33cb1519d9 --- /dev/null +++ b/libtiff-CVE-2016-10271_10272.patch @@ -0,0 +1,28 @@ +From 9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Mon Sep 17 00:00:00 2001 +From: erouault <erouault> +Date: Sat, 3 Dec 2016 11:35:56 +0000 +Subject: [PATCH] * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i + (ignore) mode so that the output buffer is correctly incremented to avoid + write outside bounds. Reported by Agostino Sarubbo. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2620 + +--- + tools/tiffcrop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index b87a77a..70a71e1 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) + (unsigned long) strip, (unsigned long)rows); + return 0; + } +- bufp += bytes_read; ++ bufp += stripsize; + } + + return 1; +-- +2.7.4 + |