summaryrefslogtreecommitdiff
path: root/third_party
diff options
context:
space:
mode:
Diffstat (limited to 'third_party')
-rw-r--r--third_party/libtiff/0012-initialize-tif-rawdata.patch14
-rw-r--r--third_party/libtiff/README.pdfium1
-rw-r--r--third_party/libtiff/tif_read.c3
3 files changed, 18 insertions, 0 deletions
diff --git a/third_party/libtiff/0012-initialize-tif-rawdata.patch b/third_party/libtiff/0012-initialize-tif-rawdata.patch
new file mode 100644
index 0000000000..2543b89eb0
--- /dev/null
+++ b/third_party/libtiff/0012-initialize-tif-rawdata.patch
@@ -0,0 +1,14 @@
+diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
+index 5cb419bd4..548b1f5ea 100644
+--- a/third_party/libtiff/tif_read.c
++++ b/third_party/libtiff/tif_read.c
+@@ -936,6 +936,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
+ return (0);
+ }
+ tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
++ if (tif->tif_rawdata)
++ memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
++
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
+ if (tif->tif_rawdata == NULL) {
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index fde3060c9a..c55fc63f36 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -21,3 +21,4 @@ Local Modifications:
0009-HeapBufferOverflow-PixarLogDecode.patch: Fix a heap buffer overflow
0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails
0011-fix-leak-imagebegin2: Apply upstream fix related to our previous patch
+0012-initialize-tif-rawdata.patch: Initialize tif_rawdata to guard against unitialized access
diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
index 5cb419bd41..548b1f5ea6 100644
--- a/third_party/libtiff/tif_read.c
+++ b/third_party/libtiff/tif_read.c
@@ -936,6 +936,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
return (0);
}
tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
+ if (tif->tif_rawdata)
+ memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
+
tif->tif_flags |= TIFF_MYBUFFER;
}
if (tif->tif_rawdata == NULL) {