authorNicolas Pena <npm@chromium.org>2017-04-18 15:36:29 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-04-18 20:24:11 +0000
commit152bfe0f60763263e8bf7292762885eb2aec9b85 (patch)
tree0ab40515446a4a4d8c779d39aae0707682a9fffe
parent9bd8b4c8687cc95bed5df131ca8764f9ce203944 (diff)
Libtiff upstream: _TIFFcalloc addition
Upstream commit: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1 Bug: chromium:711638 Change-Id: I46de1a00f9bb8d5de8df64ec78a9d62dcb4352ed Reviewed-on: https://pdfium-review.googlesource.com/4310 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
-rw-r--r--core/fxcodec/codec/ccodec_tiffmodule.cpp4
-rw-r--r--core/fxcrt/fx_basic_memmgr.cpp6
-rw-r--r--core/fxcrt/fx_memory.h1
-rw-r--r--third_party/libtiff/0022-upstream-patch-0012.patch29
-rw-r--r--third_party/libtiff/README.pdfium1
-rw-r--r--third_party/libtiff/tif_read.c6
-rw-r--r--third_party/libtiff/tiffio.h1
7 files changed, 45 insertions, 3 deletions
diff --git a/core/fxcodec/codec/ccodec_tiffmodule.cpp b/core/fxcodec/codec/ccodec_tiffmodule.cpp
index 295f0abe34..3c24c33286 100644
--- a/core/fxcodec/codec/ccodec_tiffmodule.cpp
+++ b/core/fxcodec/codec/ccodec_tiffmodule.cpp
@@ -62,6 +62,10 @@ class CCodec_TiffContext {
TIFF* m_tif_ctx;
};
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) {
+ return FXMEM_DefaultCalloc(nmemb, siz);
+}
+
void* _TIFFmalloc(tmsize_t size) {
return FXMEM_DefaultAlloc(size, 0);
}
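Review bot: `_TIFFcalloc` hands its signed `tmsize_t` arguments straight to `FXMEM_DefaultCalloc(size_t, size_t)`, so a negative count or size converts silently to a very large unsigned value, and the call then depends on calloc's own overflow check to fail. A zero argument also gives implementation-defined `calloc(0)` behaviour rather than a definite null. An explicit guard ahead of the call, `if (nmemb <= 0 || siz <= 0) return nullptr;`, would make the contract unambiguous for libtiff callers that treat a null return as allocation failure. The neighbouring `_TIFFmalloc` has the same implicit conversion on `size`.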
diff --git a/core/fxcrt/fx_basic_memmgr.cpp b/core/fxcrt/fx_basic_memmgr.cpp
index f3aaa3678d..75bc2bc1f1 100644
--- a/core/fxcrt/fx_basic_memmgr.cpp
+++ b/core/fxcrt/fx_basic_memmgr.cpp
@@ -24,9 +24,15 @@ void FXMEM_InitalizePartitionAlloc() {
void* FXMEM_DefaultAlloc(size_t byte_size, int flags) {
return (void*)malloc(byte_size);
}
+
+void* FXMEM_DefaultCalloc(size_t num_elems, size_t byte_size) {
+ return calloc(num_elems, byte_size);
+}
+
void* FXMEM_DefaultRealloc(void* pointer, size_t new_size, int flags) {
return realloc(pointer, new_size);
}
+
void FXMEM_DefaultFree(void* pointer, int flags) {
free(pointer);
}
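Review bot: The parameter name `byte_size` in `FXMEM_DefaultCalloc` reads as a total byte count, which is what it means in `FXMEM_DefaultAlloc` just above, but here it is the per-element size. Renaming it to `elem_size` in this definition and in the matching declaration in the fx_memory.h hunk would prevent a caller from passing a pre-multiplied total. The function also carries no comment on its contract; something like `// Zero-initialized. Overflow of num_elems * elem_size is left to calloc(), which then returns nullptr.` would record why this is preferable to `malloc` plus `memset` for sizes derived from file data.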
diff --git a/core/fxcrt/fx_memory.h b/core/fxcrt/fx_memory.h
index eb369d7d6c..684f2f2646 100644
--- a/core/fxcrt/fx_memory.h
+++ b/core/fxcrt/fx_memory.h
@@ -15,6 +15,7 @@ extern "C" {
// For external C libraries to malloc through PDFium. These may return nullptr.
void* FXMEM_DefaultAlloc(size_t byte_size, int flags);
+void* FXMEM_DefaultCalloc(size_t num_elems, size_t byte_size);
void* FXMEM_DefaultRealloc(void* pointer, size_t new_size, int flags);
void FXMEM_DefaultFree(void* pointer, int flags);
diff --git a/third_party/libtiff/0022-upstream-patch-0012.patch b/third_party/libtiff/0022-upstream-patch-0012.patch
new file mode 100644
index 0000000000..ce9b5ebc91
--- /dev/null
+++ b/third_party/libtiff/0022-upstream-patch-0012.patch
@@ -0,0 +1,29 @@
+diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
+index c25e7e79f..47686a473 100644
+--- a/third_party/libtiff/tif_read.c
++++ b/third_party/libtiff/tif_read.c
+@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
+ "Invalid buffer size");
+ return (0);
+ }
+- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
+- if (tif->tif_rawdata)
+- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
++ /* Initialize to zero to avoid uninitialized buffers in case of */
++ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
+diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h
+index dd6c9a429..7d0da761f 100644
+--- a/third_party/libtiff/tiffio.h
++++ b/third_party/libtiff/tiffio.h
+@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
+ */
+
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index b11066fedd..be326b2746 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -26,3 +26,4 @@ Local Modifications:
0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c.
0020-upstream-security-fixes.patch: patch our copy with several upstream security fixes.
0021-oom-TIFFFillStrip.patch: Try to avoid out-of-memory in tif_read.c
+0022-upstream-patch-0012.patch: Use the upstream solution corresponding to patch 0012.
diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
index c25e7e79f0..47686a473a 100644
--- a/third_party/libtiff/tif_read.c
+++ b/third_party/libtiff/tif_read.c
@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
"Invalid buffer size");
return (0);
}
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
- if (tif->tif_rawdata)
- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
+ /* Initialize to zero to avoid uninitialized buffers in case of */
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
tif->tif_flags |= TIFF_MYBUFFER;
}
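Review bot: The pointer returned by `_TIFFcalloc(1, tif->tif_rawdatasize)` is stored and `TIFF_MYBUFFER` is set with no null check visible in this hunk. The removed code guarded its `memset` with `if (tif->tif_rawdata)`, and the fx_memory.h comment says PDFium's allocator wrappers may return nullptr. `TIFFReadBufferSetup` continues past the end of the hunk, so confirm that the following lines reject a null `tif_rawdata` and reset `tif_rawdatasize` before returning. If they do not, add `if (tif->tif_rawdata == NULL) { tif->tif_rawdatasize = 0; return (0); }` so later reads cannot trust a size with no buffer behind it.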
diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h
index dd6c9a4294..7d0da761fc 100644
--- a/third_party/libtiff/tiffio.h
+++ b/third_party/libtiff/tiffio.h
@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
*/
extern void* _TIFFmalloc(tmsize_t s);
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
extern void* _TIFFrealloc(void* p, tmsize_t s);
extern void _TIFFmemset(void* p, int v, tmsize_t c);
extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);