Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(106)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2453253003: libtiff: Prevent a buffer overflow in function PixarLogDecode. (Closed)

Created:
4 years, 1 month ago by Ke Liu
Modified:
4 years, 1 month ago
Reviewers:
Lei Zhang, dsinclair
CC:
pdfium-reviews_googlegroups.com
Target Ref:
refs/heads/master
Project:
pdfium
Visibility:
Public.

Description

libtiff: Prevent a buffer overflow in function PixarLogDecode. Fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images. The issue has been fixed in upstream (libtiff revision 1.44, author: erouault, commitid: 2SqWSFG5a8Ewffcz, date: 2016-06-28 23:12:19 +0800). This CL applies the official patch to tif_pixarlog.c. BUG=chromium:654172 R=dsinclair@chromium.org, thestig@chromium.org Committed: https://pdfium.googlesource.com/pdfium/+/8b67b19d7e6dfb8984cc9c92ef59a81cb4edaa77

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -0 lines) Patch
A third_party/libtiff/0009-HeapBufferOverflow-PixarLogDecode.patch View 1 chunk +33 lines, -0 lines 0 comments Download
M third_party/libtiff/README.pdfium View 1 chunk +1 line, -0 lines 0 comments Download
M third_party/libtiff/tif_pixarlog.c View 3 chunks +8 lines, -0 lines 0 comments Download

Messages

Total messages: 15 (7 generated)
Ke Liu
The issue has been fixed in upstream CVS repository on Jun 28. This CL applies ...
4 years, 1 month ago (2016-10-27 05:01:50 UTC) #2
Lei Zhang
Let me see if the trybots like it, because the next change to tif_pixarlog.c is ...
4 years, 1 month ago (2016-10-27 05:27:38 UTC) #5
Lei Zhang
lgtm
4 years, 1 month ago (2016-10-27 05:39:49 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2453253003/1
4 years, 1 month ago (2016-10-27 05:40:19 UTC) #10
commit-bot: I haz the power
Committed patchset #1 (id:1) as https://pdfium.googlesource.com/pdfium/+/8b67b19d7e6dfb8984cc9c92ef59a81cb4edaa77
4 years, 1 month ago (2016-10-27 05:40:41 UTC) #12
Lei Zhang
... and a bot config not covered by the trybots fail with a signed/unsigned error. ...
4 years, 1 month ago (2016-10-27 05:46:09 UTC) #13
Lei Zhang
On 2016/10/27 05:46:09, Lei Zhang wrote: > ... and a bot config not covered by ...
4 years, 1 month ago (2016-10-27 05:53:17 UTC) #14
Ke Liu
4 years, 1 month ago (2016-10-27 06:46:45 UTC) #15
Message was sent while issue was closed. 
On 2016/10/27 05:27:38, Lei Zhang wrote:
> Let me see if the trybots like it, because the next change to tif_pixarlog.c
is
> to fix a signed/unsigned comparison warning.
> 
> Also, it's strange to use CVS in 2016.

Hello Lei, I did not notice the next fix, thanks for your follow up CL.

I think it's weird too. It's my first time using the CVS :)

Powered by Google App Engine
This is Rietveld 408576698