diff options
Diffstat (limited to 'libtiff-CVE-2017-7598.patch')
| -rw-r--r-- | libtiff-CVE-2017-7598.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/libtiff-CVE-2017-7598.patch b/libtiff-CVE-2017-7598.patch deleted file mode 100644 index b3b0c2a53b75..000000000000 --- a/libtiff-CVE-2017-7598.patch +++ /dev/null @@ -1,44 +0,0 @@ -From c682ee1d269b85c54202c04a9a5afb9737e75416 Mon Sep 17 00:00:00 2001 -From: erouault <erouault> -Date: Wed, 11 Jan 2017 13:28:01 +0000 -Subject: [PATCH 6/8] * libtiff/tif_dirread.c: avoid division by floating point - 0 in TIFFReadDirEntryCheckedRational() and - TIFFReadDirEntryCheckedSrational(), and return 0 in that case (instead of - infinity as before presumably) Apparently some sanitizers do not like those - divisions by zero. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644 - ---- - libtiff/tif_dirread.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 7d1d194..32aabe6 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -2880,7 +2880,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD - m.l = direntry->tdir_offset.toff_long8; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong(m.i,2); -- if (m.i[0]==0) -+ /* Not completely sure what we should do when m.i[1]==0, but some */ -+ /* sanitizers do not like division by 0.0: */ -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ -+ if (m.i[0]==0 || m.i[1]==0) - *value=0.0; - else - *value=(double)m.i[0]/(double)m.i[1]; -@@ -2908,7 +2911,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF - m.l=direntry->tdir_offset.toff_long8; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong(m.i,2); -- if ((int32)m.i[0]==0) -+ /* Not completely sure what we should do when m.i[1]==0, but some */ -+ /* sanitizers do not like division by 0.0: */ -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ -+ if ((int32)m.i[0]==0 || m.i[1]==0) - *value=0.0; - else - *value=(double)((int32)m.i[0])/(double)m.i[1]; --- -2.7.4 - |