summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordsinclair <dsinclair@chromium.org>2016-10-03 13:59:57 -0700
committerCommit bot <commit-bot@chromium.org>2016-10-03 13:59:57 -0700
commit76383db4906c9357292846ace77566b34eb47de9 (patch)
tree60b3a5fa45ffca5c8f1b0c6b834e934a88c6a82e
parentabab61a1fcd776964a15c528dd2dd034fb31edf0 (diff)
downloadpdfium-chromium/2880.tar.xz
Fix potentially uninitialized value.chromium/2880
Depending on what ReadOK does it's possible for |dircount16| to be used without being initialized. The read code calls back into PDFium specific code which then calls into the stream reading code. Initialize the value to be sure it is set. BUG=chromium:651632 Review-Url: https://codereview.chromium.org/2389993002
-rw-r--r--third_party/libtiff/0007-uninitialized-value.patch13
-rw-r--r--third_party/libtiff/README.pdfium1
-rw-r--r--third_party/libtiff/tif_dirread.c2
3 files changed, 15 insertions, 1 deletions
diff --git a/third_party/libtiff/0007-uninitialized-value.patch b/third_party/libtiff/0007-uninitialized-value.patch
new file mode 100644
index 0000000000..f6e9806181
--- /dev/null
+++ b/third_party/libtiff/0007-uninitialized-value.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
+index 5ef3264..bc41021 100644
+--- a/third_party/libtiff/tif_dirread.c
++++ b/third_party/libtiff/tif_dirread.c
+@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
+ static const char module[] = "TIFFFetchDirectory";
+
+ void* origdir;
+- uint16 dircount16;
++ uint16 dircount16 = 0;
+ uint32 dirsize;
+ TIFFDirEntry* dir;
+ uint8* ma;
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 936cd94e90..2f9c4f929f 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -16,3 +16,4 @@ Local Modifications:
0004-CVE-2015-8784.patch: Security fixes
0005-Leak-TIFFFetchStripThing.patch: Fix a memory leak
0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
+0007-uninitialized-value.patch: Fix potentially uninitialized dircount value
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index 5ef326485b..bc4102184c 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
static const char module[] = "TIFFFetchDirectory";
void* origdir;
- uint16 dircount16;
+ uint16 dircount16 = 0;
uint32 dirsize;
TIFFDirEntry* dir;
uint8* ma;