third_party/libtiff/0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch - Issue 2284063002: Fix for #618267. Adding a method to determine if multiplication has

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/libtiff/0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch

Issue 2284063002: Fix for #618267. Adding a method to determine if multiplication has (Closed)

Patch Set: creating a patch and modifying readme for libtiff Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 diff --git a/core/fxcodec/codec/fx_codec_tiff.cpp b/core/fxcodec/codec/fx_codec_ tiff.cpp

	2 index 09cfea4..20fda63 100644

	3 --- a/core/fxcodec/codec/fx_codec_tiff.cpp

	4 +++ b/core/fxcodec/codec/fx_codec_tiff.cpp

	5 @@ -79,6 +79,10 @@ int _TIFFmemcmp(const void* ptr1, const void* ptr2, tmsize_t size) {

	6 return FXSYS_memcmp(ptr1, ptr2, (size_t)size);

	7 }

	8

	9 +int _TIFFIfMultiplicationOverflow(tmsize_t op1, tmsize_t op2) {

	10 + return op1 > std::numeric_limits<tmsize_t>::max() / op2;

	11 +}

	12 +

	13 TIFFErrorHandler _TIFFwarningHandler = nullptr;

	14 TIFFErrorHandler _TIFFerrorHandler = nullptr;

	15

	16 diff --git a/third_party/libtiff/tif_aux.c b/third_party/libtiff/tif_aux.c

	17 index 927150a..3ce3680 100644

	18 --- a/third_party/libtiff/tif_aux.c

	19 +++ b/third_party/libtiff/tif_aux.c

	20 @@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,

	21 /*

	22 * XXX: Check for integer overflow.

	23 */

	24 - if (nmemb && elem_size && bytes / elem_size == nmemb)

	25 + if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_siz e))

	26 cp = _TIFFrealloc(buffer, bytes);

	27

	28 if (cp == NULL) {

	29 diff --git a/third_party/libtiff/tiffio.h b/third_party/libtiff/tiffio.h

	30 index 038b670..056aed2 100644

	31 --- a/third_party/libtiff/tiffio.h

	32 +++ b/third_party/libtiff/tiffio.h

	33 @@ -298,6 +298,7 @@ extern void _TIFFmemset(void* p, int v, tmsize_t c);

	34 extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);

	35 extern int _TIFFmemcmp(const void* p1, const void* p2, tmsize_t c);

	36 extern void _TIFFfree(void* p);

	37 +extern int _TIFFIfMultiplicationOverflow(tmsize_t op1, tmsize_t op2);

	38

	39 /*

	40 ** Stuff, related to tag handling and creating custom tags.

OLD	NEW

« no previous file with comments | « core/fxcodec/codec/fx_codec_tiff.cpp ('k') | third_party/libtiff/README.pdfium » ('j') | no next file with comments »