guix/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch

Copied from Debian

From 3206e0c752a62da1ae606867113ed3bf9bf73306 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 19:53:59 +0000
Subject: [PATCH] * tools/thumbnail.c: fix out-of-buffer write
 http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)

---
 ChangeLog         | 5 +++++
 tools/thumbnail.c | 8 +++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/tools/thumbnail.c b/tools/thumbnail.c
index fab63f6..c50bbff 100644
--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
@@ -568,7 +568,13 @@ setImage1(const uint8* br, uint32 rw, uint32 rh)
 	    err -= limit;
 	    sy++;
 	    if (err >= limit)
-		rows[nrows++] = br + bpr*sy;
+		{
+			/* We should perhaps error loudly, but I can't make sense of that */
+			/* code... */
+			if( nrows == 256 )
+				break;
+			rows[nrows++] = br + bpr*sy;
+		}
 	}
 	setrow(row, nrows, rows);
 	row += tnw;
gnu: libtiff: Add fixes for several CVEs. * gnu/packages/patches/libtiff-CVE-2012-4564.patch, gnu/packages/patches/libtiff-CVE-2013-1960.patch, gnu/packages/patches/libtiff-CVE-2013-1961.patch, gnu/packages/patches/libtiff-CVE-2013-4231.patch, gnu/packages/patches/libtiff-CVE-2013-4232.patch, gnu/packages/patches/libtiff-CVE-2013-4243.patch, gnu/packages/patches/libtiff-CVE-2013-4244.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch, gnu/packages/patches/libtiff-CVE-2014-8129.patch, gnu/packages/patches/libtiff-CVE-2014-9330.patch, gnu/packages/patches/libtiff-CVE-2014-9655.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[source]: Add patches. 2015-06-16 04:59:15 +00:00			`Copied from Debian`

			`From 3206e0c752a62da1ae606867113ed3bf9bf73306 Mon Sep 17 00:00:00 2001`
			`From: erouault <erouault>`
			`Date: Sun, 21 Dec 2014 19:53:59 +0000`
			`Subject: [PATCH] * tools/thumbnail.c: fix out-of-buffer write`
			`http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)`

			`---`
			`ChangeLog \| 5 +++++`
			`tools/thumbnail.c \| 8 +++++++-`
			`2 files changed, 12 insertions(+), 1 deletion(-)`

			`diff --git a/tools/thumbnail.c b/tools/thumbnail.c`
			`index fab63f6..c50bbff 100644`
			`--- a/tools/thumbnail.c`
			`+++ b/tools/thumbnail.c`
			`@@ -568,7 +568,13 @@ setImage1(const uint8* br, uint32 rw, uint32 rh)`
			`err -= limit;`
			`sy++;`
			`if (err >= limit)`
			`- rows[nrows++] = br + bpr*sy;`
			`+ {`
			`+ /* We should perhaps error loudly, but I can't make sense of that */`
			`+ /* code... */`
			`+ if( nrows == 256 )`
			`+ break;`
			`+ rows[nrows++] = br + bpr*sy;`
			`+ }`
			`}`
			`setrow(row, nrows, rows);`
			`row += tnw;`