LibTIFF: remove a couple of patches

This CL removes two patches that correspond to non-security CF bugs.
There are now only a few patches left: two patches to prevent overflow
in _TIFFCheckRealloc (overflows here are dangerous as they can cause
heap-buffer-overflows), one patch to prevent integer overflows which CF
reported as a security issue, and one recent upstream patch (which would
be removed in the next LibTIFF upgrade).

Next steps:
* Figure out how to reproduce the security issue from _TIFFCheckRealloc
(samples from the bugs seem to just timeout on asan) and report bug
upstream once it's confirmed that a change is needed.
* Ditto integer overflow, except it was already reported upstream, so
ping upstream once reproduction without the patch is possible again.

Change-Id: I6f9096a6e69698d5ded6a59c4aca5e07b351e716
Reviewed-on: https://pdfium-review.googlesource.com/8532
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

1 files changed, 1 insertions, 3 deletions

diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index 385ed12db0..772ebaf7d4 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -4491,7 +4491,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
 	static const char module[] = "TIFFFetchDirectory";
 
 	void* origdir;
-	uint16 dircount16 = 0;
+	uint16 dircount16;
 	uint32 dirsize;
 	TIFFDirEntry* dir;
 	uint8* ma;
@@ -5429,8 +5429,6 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
 	static const char module[] = "TIFFFetchStripThing";
 	enum TIFFReadDirEntryErr err;
 	uint64* data;
-	_TIFFfree(*lpp);
-	*lpp = 0;
 	err=TIFFReadDirEntryLong8Array(tif,dir,&data);
 	if (err!=TIFFReadDirEntryErrOk)
 	{