[jackhill/guix/guix.git] / gnu / packages / patches / libtiff-divide-by-zero-tiffcp.patch

Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():

http://bugzilla.maptools.org/show_bug.cgi?id=2597
http://bugzilla.maptools.org/show_bug.cgi?id=2607

2016-12-03 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
tag is
        missing.
        Reported by Agostino sarubbo.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597

/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1183; previous revision: 1.1182
/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
new revision: 1.57; previous revision: 1.56

Index: libtiff/tools/tiffcp.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
+++ libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
@@ -1,4 +1,4 @@
-/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -1378,7 +1378,7 @@
 	uint8* bufp = (uint8*) buf;
 	uint32 tw, tl;
 	uint32 row;
-	uint16 bps, bytes_per_sample;
+	uint16 bps = 0, bytes_per_sample;
 
 	tilebuf = _TIFFmalloc(tilesize);
 	if (tilebuf == 0)
@@ -1387,6 +1387,12 @@
 	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
 	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
 	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+        if( bps == 0 )
+        {
+            TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
+            status = 0;
+            goto done;
+        }
 	assert( bps % 8 == 0 );
 	bytes_per_sample = bps/8;

2016-12-03 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
tag is
        missing.
        Reported by Agostino Sarubbo.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607


/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1186; previous revision: 1.1185
/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
new revision: 1.58; previous revision: 1.57
 
Index: libtiff/tools/tiffcp.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
+++ libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
@@ -1,4 +1,4 @@
-/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -1569,7 +1569,7 @@
 	uint8* bufp = (uint8*) buf;
 	uint32 tl, tw;
 	uint32 row;
-	uint16 bps, bytes_per_sample;
+	uint16 bps = 0, bytes_per_sample;
 
 	obuf = _TIFFmalloc(TIFFTileSize(out));
 	if (obuf == NULL)
@@ -1578,6 +1578,12 @@
 	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
 	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
 	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
+        if( bps == 0 )
+        {
+            TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
+            _TIFFfree(obuf);
+            return 0;
+        }
 	assert( bps % 8 == 0 );
 	bytes_per_sample = bps/8;
Commit	Line	Data
4b96149d LF	1	Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
	2
	3	http://bugzilla.maptools.org/show_bug.cgi?id=2597
	4	http://bugzilla.maptools.org/show_bug.cgi?id=2607
	5
	6	2016-12-03 Even Rouault <even.rouault at spatialys.com>
	7
	8	* tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
	9	tag is
	10	missing.
	11	Reported by Agostino sarubbo.
	12	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
	13
	14	/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
	15	new revision: 1.1183; previous revision: 1.1182
	16	/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
	17	new revision: 1.57; previous revision: 1.56
	18
	19	Index: libtiff/tools/tiffcp.c
	20	===================================================================
	21	RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
	22	retrieving revision 1.56
	23	retrieving revision 1.57
	24	diff -u -r1.56 -r1.57
	25	--- libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56
	26	+++ libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57
	27	@@ -1,4 +1,4 @@
	28	-/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
	29	+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
	30
	31	/*
	32	* Copyright (c) 1988-1997 Sam Leffler
	33	@@ -1378,7 +1378,7 @@
	34	uint8* bufp = (uint8*) buf;
	35	uint32 tw, tl;
	36	uint32 row;
	37	- uint16 bps, bytes_per_sample;
	38	+ uint16 bps = 0, bytes_per_sample;
	39
	40	tilebuf = _TIFFmalloc(tilesize);
	41	if (tilebuf == 0)
	42	@@ -1387,6 +1387,12 @@
	43	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
	44	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
	45	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
	46	+ if( bps == 0 )
	47	+ {
	48	+ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
	49	+ status = 0;
	50	+ goto done;
	51	+ }
	52	assert( bps % 8 == 0 );
	53	bytes_per_sample = bps/8;
	54
	55	2016-12-03 Even Rouault <even.rouault at spatialys.com>
	56
	57	* tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
	58	tag is
	59	missing.
	60	Reported by Agostino Sarubbo.
	61	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
	62
	63
	64	/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
65	new revision: 1.1186; previous revision: 1.1185
66	/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
67	new revision: 1.58; previous revision: 1.57
68
69	Index: libtiff/tools/tiffcp.c
70	===================================================================
71	RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
72	retrieving revision 1.57
73	retrieving revision 1.58
74	diff -u -r1.57 -r1.58
75	--- libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57
76	+++ libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58
77	@@ -1,4 +1,4 @@
78	-/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
79	+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
80
81	/*
82	* Copyright (c) 1988-1997 Sam Leffler
83	@@ -1569,7 +1569,7 @@
84	uint8* bufp = (uint8*) buf;
85	uint32 tl, tw;
86	uint32 row;
87	- uint16 bps, bytes_per_sample;
88	+ uint16 bps = 0, bytes_per_sample;
89
90	obuf = _TIFFmalloc(TIFFTileSize(out));
91	if (obuf == NULL)
92	@@ -1578,6 +1578,12 @@
93	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
94	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
95	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
96	+ if( bps == 0 )
97	+ {
98	+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
99	+ _TIFFfree(obuf);
100	+ return 0;
101	+ }
102	assert( bps % 8 == 0 );
103	bytes_per_sample = bps/8;
104