Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 162356 Details for
Bug 234080
media-libs/tiff <3.8.2-r4 buffer underflow in LZW decoding (CVE-2008-2327)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
tiff-3.8.2-bug1929.patch
tiff-3.8.2-bug1929.patch (text/plain), 1.32 KB, created by
Robert Buchholz (RETIRED)
on 2008-08-06 12:44:51 UTC
(
hide
)
Description:
tiff-3.8.2-bug1929.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-08-06 12:44:51 UTC
Size:
1.32 KB
patch
obsolete
>Index: tiff-3.8.2/libtiff/tif_lzw.c >=================================================================== >--- tiff-3.8.2.orig/libtiff/tif_lzw.c >+++ tiff-3.8.2/libtiff/tif_lzw.c >@@ -237,6 +237,12 @@ LZWSetupDecode(TIFF* tif) > sp->dec_codetab[code].length = 1; > sp->dec_codetab[code].next = NULL; > } while (code--); >+ /* >+ * Zero-out the unused entries >+ */ >+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0, >+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t)); >+ > } > return (1); > } >@@ -415,6 +421,12 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize > NextCode(tif, sp, bp, code, GetNextCode); > if (code == CODE_EOI) > break; >+ if (code == CODE_CLEAR) { >+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, >+ "LZWDecode: Corrupted LZW table at scanline %d", >+ tif->tif_row); >+ return (0); >+ } > *op++ = (char)code, occ--; > oldcodep = sp->dec_codetab + code; > continue; >@@ -612,6 +624,12 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0, > NextCode(tif, sp, bp, code, GetNextCodeCompat); > if (code == CODE_EOI) > break; >+ if (code == CODE_CLEAR) { >+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, >+ "LZWDecode: Corrupted LZW table at scanline %d", >+ tif->tif_row); >+ return (0); >+ } > *op++ = code, occ--; > oldcodep = sp->dec_codetab + code; > continue;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 234080
:
162354
| 162356 |
163378