summaryrefslogtreecommitdiff
path: root/third_party/libtiff/tif_dirread.c
diff options
context:
space:
mode:
authorNicolas Pena <npm@chromium.org>2017-07-20 16:57:05 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-07-20 22:28:00 +0000
commitd60609d3a12fb0e9925166b027c3f57884b77c5d (patch)
treef441804c10471addbfa1d9ca616bd43cf9dd42b0 /third_party/libtiff/tif_dirread.c
parente03f8b1c9ccb8923c97f43a45b4a2dbc8c60a786 (diff)
downloadpdfium-d60609d3a12fb0e9925166b027c3f57884b77c5d.tar.xz
LibTIFF: remove a couple of patches
This CL removes two patches that correspond to non-security CF bugs. There are now only a few patches left: two patches to prevent overflow in _TIFFCheckRealloc (overflows here are dangerous as they can cause heap-buffer-overflows), one patch to prevent integer overflows which CF reported as a security issue, and one recent upstream patch (which would be removed in the next LibTIFF upgrade). Next steps: * Figure out how to reproduce the security issue from _TIFFCheckRealloc (samples from the bugs seem to just timeout on asan) and report bug upstream once it's confirmed that a change is needed. * Ditto integer overflow, except it was already reported upstream, so ping upstream once reproduction without the patch is possible again. Change-Id: I6f9096a6e69698d5ded6a59c4aca5e07b351e716 Reviewed-on: https://pdfium-review.googlesource.com/8532 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
Diffstat (limited to 'third_party/libtiff/tif_dirread.c')
-rw-r--r--third_party/libtiff/tif_dirread.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index 385ed12db0..772ebaf7d4 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -4491,7 +4491,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
static const char module[] = "TIFFFetchDirectory";
void* origdir;
- uint16 dircount16 = 0;
+ uint16 dircount16;
uint32 dirsize;
TIFFDirEntry* dir;
uint8* ma;
@@ -5429,8 +5429,6 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
static const char module[] = "TIFFFetchStripThing";
enum TIFFReadDirEntryErr err;
uint64* data;
- _TIFFfree(*lpp);
- *lpp = 0;
err=TIFFReadDirEntryLong8Array(tif,dir,&data);
if (err!=TIFFReadDirEntryErrOk)
{