From 05f541279ec01dfdc76ad6b8b142fa5f04cd544c Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Tue, 3 Jan 2017 11:04:26 -0500 Subject: Libtiff update with upstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This CL makes the fix to the bug equal to that which has now been submitted upstream. Link: https://github.com/vadz/libtiff/commit/fa6b22a5135fdeabe860097c04f298ca0ae7f2e1 Our original CL for fixing the bug: https://codereview.chromium.org/2545723004/ BUG=657473 Change-Id: I52ae6a062ac07a0e20d0ba4ab823cbbf1d2b1ac1 Reviewed-on: https://pdfium-review.googlesource.com/2136 Commit-Queue: Nicolás Peña Commit-Queue: dsinclair Reviewed-by: dsinclair --- .../libtiff/0011-fix-leak-imagebegin2.patch | 41 ++++++++++++++++++++++ third_party/libtiff/README.pdfium | 1 + third_party/libtiff/tif_getimage.c | 16 ++++----- 3 files changed, 50 insertions(+), 8 deletions(-) create mode 100644 third_party/libtiff/0011-fix-leak-imagebegin2.patch diff --git a/third_party/libtiff/0011-fix-leak-imagebegin2.patch b/third_party/libtiff/0011-fix-leak-imagebegin2.patch new file mode 100644 index 0000000000..91f82c939e --- /dev/null +++ b/third_party/libtiff/0011-fix-leak-imagebegin2.patch @@ -0,0 +1,41 @@ +diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c +index 97fa94d..1cf6ac6 100644 +--- a/third_party/libtiff/tif_getimage.c ++++ b/third_party/libtiff/tif_getimage.c +@@ -267,6 +267,13 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) + img->redcmap = NULL; + img->greencmap = NULL; + img->bluecmap = NULL; ++ img->Map = NULL; ++ img->BWmap = NULL; ++ img->PALmap = NULL; ++ img->ycbcr = NULL; ++ img->cielab = NULL; ++ img->UaToAa = NULL; ++ img->Bitdepth16To8 = NULL; + img->req_orientation = ORIENTATION_BOTLEFT; /* It is the default */ + + img->tif = tif; +@@ -452,13 +459,6 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) + photoTag, img->photometric); + goto fail_return; + } +- img->Map = NULL; +- img->BWmap = NULL; +- img->PALmap = NULL; +- img->ycbcr = NULL; +- img->cielab = NULL; +- img->UaToAa = NULL; +- img->Bitdepth16To8 = NULL; + TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &img->width); + TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &img->height); + TIFFGetFieldDefaulted(tif, TIFFTAG_ORIENTATION, &img->orientation); +@@ -478,7 +478,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) + return 1; + + fail_return: +- TIFFRGBAImageEnd(img); ++ TIFFRGBAImageEnd( img ); + return 0; + } + \ No newline at end of file diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium index 3842ea67c0..fde3060c9a 100644 --- a/third_party/libtiff/README.pdfium +++ b/third_party/libtiff/README.pdfium @@ -20,3 +20,4 @@ Local Modifications: 0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow 0009-HeapBufferOverflow-PixarLogDecode.patch: Fix a heap buffer overflow 0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails +0011-fix-leak-imagebegin2: Apply upstream fix related to our previous patch diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c index 97fa94dbe7..1cf6ac6b45 100644 --- a/third_party/libtiff/tif_getimage.c +++ b/third_party/libtiff/tif_getimage.c @@ -267,6 +267,13 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) img->redcmap = NULL; img->greencmap = NULL; img->bluecmap = NULL; + img->Map = NULL; + img->BWmap = NULL; + img->PALmap = NULL; + img->ycbcr = NULL; + img->cielab = NULL; + img->UaToAa = NULL; + img->Bitdepth16To8 = NULL; img->req_orientation = ORIENTATION_BOTLEFT; /* It is the default */ img->tif = tif; @@ -452,13 +459,6 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) photoTag, img->photometric); goto fail_return; } - img->Map = NULL; - img->BWmap = NULL; - img->PALmap = NULL; - img->ycbcr = NULL; - img->cielab = NULL; - img->UaToAa = NULL; - img->Bitdepth16To8 = NULL; TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &img->width); TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &img->height); TIFFGetFieldDefaulted(tif, TIFFTAG_ORIENTATION, &img->orientation); @@ -478,7 +478,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024]) return 1; fail_return: - TIFFRGBAImageEnd(img); + TIFFRGBAImageEnd( img ); return 0; } -- cgit v1.2.3