From 152bfe0f60763263e8bf7292762885eb2aec9b85 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Tue, 18 Apr 2017 15:36:29 -0400
Subject: Libtiff upstream: _TIFFcalloc addition
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Upstream commit: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
Bug: chromium:711638
Change-Id: I46de1a00f9bb8d5de8df64ec78a9d62dcb4352ed
Reviewed-on: https://pdfium-review.googlesource.com/4310
Reviewed-by: Tom Sepez
Commit-Queue: Nicolás Peña
---
 third_party/libtiff/0022-upstream-patch-0012.patch | 29 ++++++++++++++++++++++
 third_party/libtiff/README.pdfium | 1 +
 third_party/libtiff/tif_read.c | 6 ++---
 third_party/libtiff/tiffio.h | 1 +
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 third_party/libtiff/0022-upstream-patch-0012.patch
(limited to 'third_party/libtiff')
diff --git a/third_party/libtiff/0022-upstream-patch-0012.patch b/third_party/libtiff/0022-upstream-patch-0012.patch
new file mode 100644
index 0000000000..ce9b5ebc91
--- /dev/null
+++ b/third_party/libtiff/0022-upstream-patch-0012.patch
@@ -0,0 +1,29 @@
+diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
+index c25e7e79f..47686a473 100644
+--- a/third_party/libtiff/tif_read.c
++++ b/third_party/libtiff/tif_read.c
+@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
+ "Invalid buffer size");
+ return (0);
+ }
+- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
+- if (tif->tif_rawdata)
+- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
++ /* Initialize to zero to avoid uninitialized buffers in case of */
++ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
+diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h
+index dd6c9a429..7d0da761f 100644
+--- a/third_party/libtiff/tiffio.h
++++ b/third_party/libtiff/tiffio.h
+@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
+ */
+
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index b11066fedd..be326b2746 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -26,3 +26,4 @@ Local Modifications:
 0019-oom-TIFFReadDirEntryArray.patch: Try to avoid out-of-memory in tif_dirread.c.
 0020-upstream-security-fixes.patch: patch our copy with several upstream security fixes.
 0021-oom-TIFFFillStrip.patch: Try to avoid out-of-memory in tif_read.c
+0022-upstream-patch-0012.patch: Use the upstream solution corresponding to patch 0012.
diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
index c25e7e79f0..47686a473a 100644
--- a/third_party/libtiff/tif_read.c
+++ b/third_party/libtiff/tif_read.c
@@ -983,9 +983,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
 "Invalid buffer size");
 return (0);
 }
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
- if (tif->tif_rawdata)
- memset(tif->tif_rawdata, 0, tif->tif_rawdatasize);
+ /* Initialize to zero to avoid uninitialized buffers in case of */
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
 
 tif->tif_flags |= TIFF_MYBUFFER;
 }
diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h
index dd6c9a4294..7d0da761fc 100644
--- a/third_party/libtiff/tiffio.h
+++ b/third_party/libtiff/tiffio.h
@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
 */
 
 extern void* _TIFFmalloc(tmsize_t s);
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
 extern void* _TIFFrealloc(void* p, tmsize_t s);
 extern void _TIFFmemset(void* p, int v, tmsize_t c);
 extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
-- cgit v1.2.3
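Review bot: The zero-fill that the new comment in TIFFReadBufferSetup promises now rests entirely on `_TIFFcalloc`, yet this commit only adds its prototype in tiffio.h and the diffstat lists no file that defines it. It is worth confirming that the definition linked into this tree (presumably next to the existing `_TIFFmalloc` hook) really returns zeroed memory and rejects a negative or overflowing `nmemb * siz`, since both parameters are the signed `tmsize_t`. A one-line comment above the prototype, for example `/* returns zero-filled memory or NULL; fails if nmemb*siz overflows */`, would record that contract for the next upstream merge. The result is also not NULL-checked inside the hunk before `TIFF_MYBUFFER` is set; the function starts and ends outside the hunk, so that check is presumably made after it.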