diff options
author | Nicolas Pena <npm@chromium.org> | 2017-04-18 15:36:29 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-04-18 20:24:11 +0000 |
commit | 152bfe0f60763263e8bf7292762885eb2aec9b85 (patch) | |
tree | 0ab40515446a4a4d8c779d39aae0707682a9fffe /third_party/libtiff | |
parent | 9bd8b4c8687cc95bed5df131ca8764f9ce203944 (diff) | |
download | pdfium-152bfe0f60763263e8bf7292762885eb2aec9b85.tar.xz |
Libtiff upstream: _TIFFcalloc addition
Upstream commit:
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
Bug: chromium:711638
Change-Id: I46de1a00f9bb8d5de8df64ec78a9d62dcb4352ed
Reviewed-on: https://pdfium-review.googlesource.com/4310
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
Diffstat (limited to 'third_party/libtiff')
-rw-r--r-- | third_party/libtiff/0022-upstream-patch-0012.patch | 29 | ||||
-rw-r--r-- | third_party/libtiff/README.pdfium | 1 | ||||
-rw-r--r-- | third_party/libtiff/tif_read.c | 6 | ||||
-rw-r--r-- | third_party/libtiff/tiffio.h | 1 |
4 files changed, 34 insertions, 3 deletions
diff --git a/third_party/libtiff/0022-upstream-patch-0012.patch b/third_party/libtiff/0022-upstream-patch-0012.patch new file mode 100644 index 0000000000..ce9b5ebc91 --- /dev/null +++ b/third_party/libtiff/0022-upstream-patch-0012.patch @@ -0,0 +1,29 @@ +diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c +index c25e7e79f..47686a473 100644 +--- a/third_party/libtiff/tif_read.c ++++ b/third_party/libtiff/tif_read.c +@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size) + "Invalid buffer size"); + return (0); + } +- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); +- if (tif->tif_rawdata) +- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize); ++ /* Initialize to zero to avoid uninitialized buffers in case of */ ++ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ ++ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); + + tif->tif_flags |= TIFF_MYBUFFER; + } +diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h +index dd6c9a429..7d0da761f 100644 +--- a/third_party/libtiff/tiffio.h ++++ b/third_party/libtiff/tiffio.h +@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void); + */ + + extern void* _TIFFmalloc(tmsize_t s); ++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz); + extern void* _TIFFrealloc(void* p, tmsize_t s); + extern void _TIFFmemset(void* p, int v, tmsize_t c); + extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c); diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium index b11066fedd..be326b2746 100644 --- a/third_party/libtiff/README.pdfium +++ b/third_party/libtiff/README.pdfium @@ -26,3 +26,4 @@ Local Modifications: 0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c. 0020-upstream-security-fixes.patch: patch our copy with several upstream security fixes. 0021-oom-TIFFFillStrip.patch: Try to avoid out-of-memory in tif_read.c +0022-upstream-patch-0012.patch: Use the upstream solution corresponding to patch 0012. diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c index c25e7e79f0..47686a473a 100644 --- a/third_party/libtiff/tif_read.c +++ b/third_party/libtiff/tif_read.c @@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size) "Invalid buffer size"); return (0); } - tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); - if (tif->tif_rawdata) - memset(tif->tif_rawdata, 0, tif->tif_rawdatasize); + /* Initialize to zero to avoid uninitialized buffers in case of */ + /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ + tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); tif->tif_flags |= TIFF_MYBUFFER; } diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h index dd6c9a4294..7d0da761fc 100644 --- a/third_party/libtiff/tiffio.h +++ b/third_party/libtiff/tiffio.h @@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void); */ extern void* _TIFFmalloc(tmsize_t s); +extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz); extern void* _TIFFrealloc(void* p, tmsize_t s); extern void _TIFFmemset(void* p, int v, tmsize_t c); extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c); |