libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.

The patch (https://codereview.chromium.org/2284063002) for Issue 618267 was insufficient. The integer overflow still could be triggered and could lead to heap buffer overflow. This CL strengthens integer overflow check in function _TIFFCheckRealloc. BUG=chromium:654169 R=ochang@chromium.org, tsepez@chromium.org, dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2405693002
author: stackexploit <stackexploit@gmail.com> 2016-10-10 10:58:25 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-10-10 10:58:25 -0700
commit: 24ba0a2ef48d7be37f02056d20bb8c625f641939 (patch)
tree: 903bb9dd7c91743057d8b2ead4a1ba7196ca0e02 /third_party/libtiff/README.pdfium
parent: 3a0a808ff546b5633a2384f4ed156b7ced605c90 (diff)
download: pdfium-24ba0a2ef48d7be37f02056d20bb8c625f641939.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 2f9c4f929f..66049c4e98 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -17,3 +17,4 @@ Local Modifications:
 0005-Leak-TIFFFetchStripThing.patch: Fix a memory leak
 0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
 0007-uninitialized-value.patch: Fix potentially uninitialized dircount value
+0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
author	stackexploit <stackexploit@gmail.com>	2016-10-10 10:58:25 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-10-10 10:58:25 -0700
commit	24ba0a2ef48d7be37f02056d20bb8c625f641939 (patch)
tree	903bb9dd7c91743057d8b2ead4a1ba7196ca0e02 /third_party/libtiff/README.pdfium
parent	3a0a808ff546b5633a2384f4ed156b7ced605c90 (diff)
download	pdfium-24ba0a2ef48d7be37f02056d20bb8c625f641939.tar.xz