Fix CVE-2016-5323.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
http://bugzilla.maptools.org/show_bug.cgi?id=2559
Patch extracted from upstream CVS repo with:
$ cvs diff -u -r1.36 -r1.37 tools/tiffcrop.c
Index: tools/tiffcrop.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36
+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37
@@ -3738,7 +3738,7 @@
matchbits = maskbits << (8 - src_bit - bps);
/* load up next sample from each plane */
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
buff1 = ((*src) & matchbits) << (src_bit);
@@ -3837,7 +3837,7 @@
src_bit = bit_offset % 8;
matchbits = maskbits << (16 - src_bit - bps);
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
if (little_endian)
@@ -3947,7 +3947,7 @@
src_bit = bit_offset % 8;
matchbits = maskbits << (32 - src_bit - bps);
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
if (little_endian)
@@ -4073,7 +4073,7 @@
src_bit = bit_offset % 8;
matchbits = maskbits << (64 - src_bit - bps);
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
if (little_endian)
@@ -4263,7 +4263,7 @@
matchbits = maskbits << (8 - src_bit - bps);
/* load up next sample from each plane */
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
buff1 = ((*src) & matchbits) << (src_bit);
@@ -4362,7 +4362,7 @@
src_bit = bit_offset % 8;
matchbits = maskbits << (16 - src_bit - bps);
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
if (little_endian)
@@ -4471,7 +4471,7 @@
src_bit = bit_offset % 8;
matchbits = maskbits << (32 - src_bit - bps);
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
if (little_endian)
@@ -4597,7 +4597,7 @@
src_bit = bit_offset % 8;
matchbits = maskbits << (64 - src_bit - bps);
- for (s = 0; s < spp; s++)
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
{
src = in[s] + src_offset + src_byte;
if (little_endian)
x/commit/tests/ui.scm?id=fa99c4bbc7acdb8def9ce14a05aacb73f99fe3b1'>ui: (size->number "1.M") is correctly parsed....| Ludovic Courtès |
| 2019-09-19 | ui: 'relevance' connects regexps with a logical and.... | zimoun |
| 2019-06-27 | ui: 'relevance' considers regexps connected with a logical and.... | Ludovic Courtès |
| 2017-05-10 | ui: 'string->duration' correctly handles hours.... | Ludovic Courtès |
| 2017-03-08 | ui: Don't use '%default-port-encoding' to set the encoding of string ports.... | Ludovic Courtès |
| 2016-06-09 | ui: 'string->duration' supports hours and seconds.... | Ludovic Courtès |
| 2016-04-03 | build: Add a Guile custom test driver using SRFI-64.... | Mathieu Lirzin |
| 2016-03-02 | utils: Use '@' for separating package names and version numbers.... | Mathieu Lirzin |
| 2015-09-24 | ui: Gracefully handle Unicode description strings.... | Ludovic Courtès |
| 2015-09-18 | Add (guix scripts).... | Alex Kost |
| 2015-02-26 | ui: Honor --no-* options passed via $GUIX_BUILD_OPTIONS.... | Ludovic Courtès |
| 2015-02-26 | ui: Factorize command-line + env. var. option parsing.... | Ludovic Courtès |
| 2015-02-08 | ui: Simplify 'show-manifest-transaction' test.... | Ludovic Courtès |
| 2014-10-10 | ui: Move 'show-manifest-transaction' from (guix profiles).... | Alex Kost |
| 2014-10-03 | ui: Recognize the same size units as Coreutils.... | Ludovic Courtès |
| 2014-08-11 | ui: Fix handling of periods by fill-paragraph.... | Cyrill Schenkel |