diff options
-rw-r--r-- | third_party/libtiff/0012-initialize-tif-rawdata.patch | 14 | ||||
-rw-r--r-- | third_party/libtiff/README.pdfium | 1 | ||||
-rw-r--r-- | third_party/libtiff/tif_read.c | 3 |
3 files changed, 18 insertions, 0 deletions
diff --git a/third_party/libtiff/0012-initialize-tif-rawdata.patch b/third_party/libtiff/0012-initialize-tif-rawdata.patch new file mode 100644 index 0000000000..2543b89eb0 --- /dev/null +++ b/third_party/libtiff/0012-initialize-tif-rawdata.patch @@ -0,0 +1,14 @@ +diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c +index 5cb419bd4..548b1f5ea 100644 +--- a/third_party/libtiff/tif_read.c ++++ b/third_party/libtiff/tif_read.c +@@ -936,6 +936,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size) + return (0); + } + tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); ++ if (tif->tif_rawdata) ++ memset(tif->tif_rawdata, 0, tif->tif_rawdatasize); ++ + tif->tif_flags |= TIFF_MYBUFFER; + } + if (tif->tif_rawdata == NULL) { diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium index fde3060c9a..c55fc63f36 100644 --- a/third_party/libtiff/README.pdfium +++ b/third_party/libtiff/README.pdfium @@ -21,3 +21,4 @@ Local Modifications: 0009-HeapBufferOverflow-PixarLogDecode.patch: Fix a heap buffer overflow 0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails 0011-fix-leak-imagebegin2: Apply upstream fix related to our previous patch +0012-initialize-tif-rawdata.patch: Initialize tif_rawdata to guard against unitialized access diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c index 5cb419bd41..548b1f5ea6 100644 --- a/third_party/libtiff/tif_read.c +++ b/third_party/libtiff/tif_read.c @@ -936,6 +936,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size) return (0); } tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); + if (tif->tif_rawdata) + memset(tif->tif_rawdata, 0, tif->tif_rawdatasize); + tif->tif_flags |= TIFF_MYBUFFER; } if (tif->tif_rawdata == NULL) { |