diff options
Diffstat (limited to 'third_party/libtiff/0021-oom-TIFFFillStrip.patch')
| -rw-r--r-- | third_party/libtiff/0021-oom-TIFFFillStrip.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/third_party/libtiff/0021-oom-TIFFFillStrip.patch b/third_party/libtiff/0021-oom-TIFFFillStrip.patch new file mode 100644 index 0000000000..a64dc5ed13 --- /dev/null +++ b/third_party/libtiff/0021-oom-TIFFFillStrip.patch @@ -0,0 +1,18 @@ +diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c +index 1ba100e54..c25e7e79f 100644 +--- a/third_party/libtiff/tif_read.c ++++ b/third_party/libtiff/tif_read.c +@@ -616,6 +616,13 @@ TIFFFillStrip(TIFF* tif, uint32 strip) + TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); + return(0); + } ++ const tmsize_t size=isMapped(tif)? tif->tif_size : (tmsize_t)TIFFGetFileSize(tif); ++ if (bytecountm > size) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Requested read strip size %lu is too large", ++ (unsigned long) strip); ++ return (0); ++ } + if (bytecountm > tif->tif_rawdatasize) { + tif->tif_curstrip = NOSTRIP; + if ((tif->tif_flags & TIFF_MYBUFFER) == 0) { |