Merge branch 'cve' into 'master'

CVE bumps: part one See merge request !249
author: A. Wilcox <awilcox@wilcox-tech.com> 2019-06-21 23:38:53 +0000
committer: A. Wilcox <awilcox@wilcox-tech.com> 2019-06-21 23:38:53 +0000
commit: fd45ed897742614bd2867cb46578557beb820026 (patch)
tree: 8eaa82bc50ad1a89272b146743ec1544163d48f3 /user/tiff/CVE-2019-7663.patch
parent: 86d0de126ffdebdb8cee9581ce51c16a6f20b58b (diff)
parent: 332e0a40fabc1c4047a631273e5d5df46cbf4bb2 (diff)
download: packages-fd45ed897742614bd2867cb46578557beb820026.tar.gz
packages-fd45ed897742614bd2867cb46578557beb820026.tar.bz2
packages-fd45ed897742614bd2867cb46578557beb820026.tar.xz
packages-fd45ed897742614bd2867cb46578557beb820026.zip
1 files changed, 37 insertions, 0 deletions
diff --git a/user/tiff/CVE-2019-7663.patch b/user/tiff/CVE-2019-7663.patch
new file mode 100644
index 000000000..8049566c6
--- /dev/null
+++ b/user/tiff/CVE-2019-7663.patch
@@ -0,0 +1,37 @@
+From 802d3cbf3043be5dce5317e140ccb1c17a6a2d39 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Tue, 29 Jan 2019 11:21:47 +0100
+Subject: [PATCH] TIFFWriteDirectoryTagTransferfunction() : fix NULL
+ dereferencing
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2833
+
+we must check the pointer is not NULL before memcmp() the memory
+---
+ libtiff/tif_dirwrite.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index c15a28db..ef30c869 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TIFF* tif, uint32* ndir, TIFFDirEntry* dir
+ 		n=3;
+ 	if (n==3)
+ 	{
+-		if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
++		if (tif->tif_dir.td_transferfunction[2] == NULL ||
++		    !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+ 			n=2;
+ 	}
+ 	if (n==2)
+ 	{
+-		if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
++		if (tif->tif_dir.td_transferfunction[1] == NULL ||
++		    !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+ 			n=1;
+ 	}
+ 	if (n==0)
+-- 
+2.21.0
+
author	A. Wilcox <awilcox@wilcox-tech.com>	2019-06-21 23:38:53 +0000
committer	A. Wilcox <awilcox@wilcox-tech.com>	2019-06-21 23:38:53 +0000
commit	fd45ed897742614bd2867cb46578557beb820026 (patch)
tree	8eaa82bc50ad1a89272b146743ec1544163d48f3 /user/tiff/CVE-2019-7663.patch
parent	86d0de126ffdebdb8cee9581ce51c16a6f20b58b (diff)
parent	332e0a40fabc1c4047a631273e5d5df46cbf4bb2 (diff)
download	packages-fd45ed897742614bd2867cb46578557beb820026.tar.gz packages-fd45ed897742614bd2867cb46578557beb820026.tar.bz2 packages-fd45ed897742614bd2867cb46578557beb820026.tar.xz packages-fd45ed897742614bd2867cb46578557beb820026.zip