summaryrefslogtreecommitdiff
path: root/third_party/libtiff
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/libtiff')
-rw-r--r--third_party/libtiff/0022-upstream-patch-0012.patch29
-rw-r--r--third_party/libtiff/README.pdfium1
-rw-r--r--third_party/libtiff/tif_read.c6
-rw-r--r--third_party/libtiff/tiffio.h1
4 files changed, 34 insertions, 3 deletions
diff --git a/third_party/libtiff/0022-upstream-patch-0012.patch b/third_party/libtiff/0022-upstream-patch-0012.patch
new file mode 100644
index 0000000000..ce9b5ebc91
--- /dev/null
+++ b/third_party/libtiff/0022-upstream-patch-0012.patch
@@ -0,0 +1,29 @@
+diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
+index c25e7e79f..47686a473 100644
+--- a/third_party/libtiff/tif_read.c
++++ b/third_party/libtiff/tif_read.c
+@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
+ "Invalid buffer size");
+ return (0);
+ }
+- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
+- if (tif->tif_rawdata)
+- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
++ /* Initialize to zero to avoid uninitialized buffers in case of */
++ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
+diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h
+index dd6c9a429..7d0da761f 100644
+--- a/third_party/libtiff/tiffio.h
++++ b/third_party/libtiff/tiffio.h
+@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
+ */
+
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index b11066fedd..be326b2746 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -26,3 +26,4 @@ Local Modifications:
0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c.
0020-upstream-security-fixes.patch: patch our copy with several upstream security fixes.
0021-oom-TIFFFillStrip.patch: Try to avoid out-of-memory in tif_read.c
+0022-upstream-patch-0012.patch: Use the upstream solution corresponding to patch 0012.
diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
index c25e7e79f0..47686a473a 100644
--- a/third_party/libtiff/tif_read.c
+++ b/third_party/libtiff/tif_read.c
@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
"Invalid buffer size");
return (0);
}
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
- if (tif->tif_rawdata)
- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
+ /* Initialize to zero to avoid uninitialized buffers in case of */
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
tif->tif_flags |= TIFF_MYBUFFER;
}
diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h
index dd6c9a4294..7d0da761fc 100644
--- a/third_party/libtiff/tiffio.h
+++ b/third_party/libtiff/tiffio.h
@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
*/
extern void* _TIFFmalloc(tmsize_t s);
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
extern void* _TIFFrealloc(void* p, tmsize_t s);
extern void _TIFFmemset(void* p, int v, tmsize_t c);
extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 11:05:20 +0000