From d60609d3a12fb0e9925166b027c3f57884b77c5d Mon Sep 17 00:00:00 2001 From: Nicolas Pena Date: Thu, 20 Jul 2017 16:57:05 -0400 Subject: LibTIFF: remove a couple of patches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This CL removes two patches that correspond to non-security CF bugs. There are now only a few patches left: two patches to prevent overflow in _TIFFCheckRealloc (overflows here are dangerous as they can cause heap-buffer-overflows), one patch to prevent integer overflows which CF reported as a security issue, and one recent upstream patch (which would be removed in the next LibTIFF upgrade). Next steps: * Figure out how to reproduce the security issue from _TIFFCheckRealloc (samples from the bugs seem to just timeout on asan) and report bug upstream once it's confirmed that a change is needed. * Ditto integer overflow, except it was already reported upstream, so ping upstream once reproduction without the patch is possible again. Change-Id: I6f9096a6e69698d5ded6a59c4aca5e07b351e716 Reviewed-on: https://pdfium-review.googlesource.com/8532 Reviewed-by: dsinclair Commit-Queue: Nicolás Peña --- third_party/libtiff/tif_dirread.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'third_party/libtiff/tif_dirread.c') diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c index 385ed12db0..772ebaf7d4 100644 --- a/third_party/libtiff/tif_dirread.c +++ b/third_party/libtiff/tif_dirread.c @@ -4491,7 +4491,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, static const char module[] = "TIFFFetchDirectory"; void* origdir; - uint16 dircount16 = 0; + uint16 dircount16; uint32 dirsize; TIFFDirEntry* dir; uint8* ma; @@ -5429,8 +5429,6 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp) static const char module[] = "TIFFFetchStripThing"; enum TIFFReadDirEntryErr err; uint64* data; - _TIFFfree(*lpp); - *lpp = 0; err=TIFFReadDirEntryLong8Array(tif,dir,&data); if (err!=TIFFReadDirEntryErrOk) { -- cgit v1.2.3