Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
tiff.32962
tiff-CVE-2015-8668.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tiff-CVE-2015-8668.patch of Package tiff.32962
Based on tiff-CVE-2015-8668.patch from SLE11. Which is based on attached patch attached to bsc#960589 with different else case. Index: tiff-4.0.9/tools/bmp2tiff.c =================================================================== --- tiff-4.0.9.orig/tools/bmp2tiff.c +++ tiff-4.0.9/tools/bmp2tiff.c @@ -648,18 +648,35 @@ main(int argc, char* argv[]) || info_hdr.iCompression == BMPC_RLE4 ) { uint32 i, j, k, runlength; uint32 compr_size, uncompr_size; + uint32 bits = 0; unsigned char *comprbuf; unsigned char *uncomprbuf; compr_size = file_hdr.iSize - file_hdr.iOffBits; - uncompr_size = width * length; - /* Detect int overflow */ - if( uncompr_size / width != length ) { - TIFFError(infilename, - "Invalid dimensions of BMP file" ); - close(fd); - return -1; - } + + bits = info_hdr.iBitCount; + + if (bits > 8) // bit depth is > 8bit, adjust size + { + uncompr_size = width * length * (bits / 8); + /* Detect int overflow */ + if (uncompr_size / width / (bits / 8) != length) { + TIFFError(infilename, + "Invalid dimensions of BMP file"); + close(fd); + return -1; + } + } else { + uncompr_size = width * length; + /* Detect int overflow */ + if( uncompr_size / width != length ) { + TIFFError(infilename, + "Invalid dimensions of BMP file" ); + close(fd); + return -1; + } + } + if ( (compr_size == 0) || (compr_size > ((uint32) ~0) >> 1) || (uncompr_size == 0) ||
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor