From 76383db4906c9357292846ace77566b34eb47de9 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Mon, 3 Oct 2016 13:59:57 -0700
Subject: Fix potentially uninitialized value.
Depending on what ReadOK does it's possible for |dircount16| to be used without being initialized. The read code calls back into PDFium specific code which then calls into the stream reading code. Initialize the value to be sure it is set.
BUG=chromium:651632
Review-Url: https://codereview.chromium.org/2389993002
---
 third_party/libtiff/0007-uninitialized-value.patch | 13 +++++++++++++
 third_party/libtiff/README.pdfium | 1 +
 third_party/libtiff/tif_dirread.c | 2 +-
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 third_party/libtiff/0007-uninitialized-value.patch
diff --git a/third_party/libtiff/0007-uninitialized-value.patch b/third_party/libtiff/0007-uninitialized-value.patch
new file mode 100644
index 0000000000..f6e9806181
--- /dev/null
+++ b/third_party/libtiff/0007-uninitialized-value.patch
@@ -0,0 +1,13 @@
+diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
+index 5ef3264..bc41021 100644
+--- a/third_party/libtiff/tif_dirread.c
++++ b/third_party/libtiff/tif_dirread.c
+@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
+ static const char module[] = "TIFFFetchDirectory";
+ 
+ void* origdir;
+- uint16 dircount16;
++ uint16 dircount16 = 0;
+ uint32 dirsize;
+ TIFFDirEntry* dir;
+ uint8* ma;
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 936cd94e90..2f9c4f929f 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -16,3 +16,4 @@ Local Modifications:
 0004-CVE-2015-8784.patch: Security fixes
 0005-Leak-TIFFFetchStripThing.patch: Fix a memory leak
 0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
+0007-uninitialized-value.patch: Fix potentially uninitialized dircount value
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index 5ef326485b..bc4102184c 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
 static const char module[] = "TIFFFetchDirectory";
 
 void* origdir;
- uint16 dircount16;
+ uint16 dircount16 = 0;
 uint32 dirsize;
 TIFFDirEntry* dir;
 uint8* ma;
-- 
cgit v1.2.3
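Review bot: The `= 0` on `dircount16` makes later reads deterministic, but it does not address the condition the commit message describes, where the read path reports success without filling the variable; in that case a directory count of zero is now handled as if it had come from the file. The body of TIFFFetchDirectory continues outside this hunk, so whether a zero count is rejected downstream cannot be confirmed from here; if it is not, an explicit check right after the read would be the safer place to fail. It would also help to record the reason next to the declaration, e.g. `/* Zeroed: the client read callback may report success without writing the buffer (chromium:651632). */`, so the initializer is not lost when the local patch is rebased onto a newer libtiff. The underlying fix probably belongs in the PDFium read callback, which should return the number of bytes it actually copied.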