Libtiff: Prevent OOM in TIFFFillStrip

In TIFFFillStrip, calls to TIFFReadBufferSetup may allocate large amounts of memory. In this CL we do sanity checks on the claimed size of the raw strip data before that happens, to prevent out-of-memory. Bug: chromium:707431 Change-Id: I4e7c9a8630fad11d4f68a3ceccd71ffa511f4293 Reviewed-on: https://pdfium-review.googlesource.com/3811 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-04-05 15:50:53 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-04-05 20:29:31 +0000
commit: 3198c681df875f7f268f03040b64343741d4bda1 (patch)
tree: 6bd488f8109f7868104286fc659e41c9490914c9 /third_party/libtiff/README.pdfium
parent: c057abce3508b0cd31b631b31bc41d2ecf5c37b0 (diff)
download: pdfium-3198c681df875f7f268f03040b64343741d4bda1.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 55a314630a..b11066fedd 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -25,3 +25,4 @@ Local Modifications:
 0018-fix-leak-in-PredictorSetupDecode.patch: call tif->tif_cleanup if the setup fails.
 0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c.
 0020-upstream-security-fixes.patch: patch our copy with several upstream security fixes.
+0021-oom-TIFFFillStrip.patch: Try to avoid out-of-memory in tif_read.c
author	Nicolas Pena <npm@chromium.org>	2017-04-05 15:50:53 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-04-05 20:29:31 +0000
commit	3198c681df875f7f268f03040b64343741d4bda1 (patch)
tree	6bd488f8109f7868104286fc659e41c9490914c9 /third_party/libtiff/README.pdfium
parent	c057abce3508b0cd31b631b31bc41d2ecf5c37b0 (diff)
download	pdfium-3198c681df875f7f268f03040b64343741d4bda1.tar.xz