From 3198c681df875f7f268f03040b64343741d4bda1 Mon Sep 17 00:00:00 2001
From: Nicolas Pena <npm@chromium.org>
Date: Wed, 5 Apr 2017 15:50:53 -0400
Subject: Libtiff: Prevent OOM in TIFFFillStrip
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In TIFFFillStrip, calls to TIFFReadBufferSetup may allocate large amounts of
memory. In this CL we do sanity checks on the claimed size of the raw strip
data before that happens, to prevent out-of-memory.

Bug: chromium:707431
Change-Id: I4e7c9a8630fad11d4f68a3ceccd71ffa511f4293
Reviewed-on: https://pdfium-review.googlesource.com/3811
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
---
 third_party/libtiff/README.pdfium | 1 +
 1 file changed, 1 insertion(+)

(limited to 'third_party/libtiff/README.pdfium')

diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 55a314630a..b11066fedd 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -25,3 +25,4 @@ Local Modifications:
 0018-fix-leak-in-PredictorSetupDecode.patch: call tif->tif_cleanup if the setup fails.
 0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c.
 0020-upstream-security-fixes.patch: patch our copy with several upstream security fixes.
+0021-oom-TIFFFillStrip.patch: Try to avoid out-of-memory in tif_read.c
-- 
cgit v1.2.3