
Re: CVE-2017-9935 / tiff



Looks like this patch is required first, before fixing the problem I
referred to earlier, otherwise we use pointers in tiff2pdf that were
never initialized. At least for the version in wheezy.

Another solution would be to ensure the values are NULL before calling
TIFFGetField - this would mean we only update the client and not the
library. However, I tend to think the correct solution lies in the
library.

(actually I wonder if that if statement is even required... but keeping
changes minimal here)

--- tiff-4.0.8.orig/libtiff/tif_dir.c
+++ tiff-4.0.8/libtiff/tif_dir.c
@@ -1065,6 +1065,9 @@
 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
+			} else {
+				*va_arg(ap, uint16**) = NULL;
+				*va_arg(ap, uint16**) = NULL;
 			}
 			break;
 		case TIFFTAG_REFERENCEBLACKWHITE:
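Review bot: the new else branch in the TIFFTAG_TRANSFERFUNCTION case consumes two further uint16** arguments whenever samplesperpixel - extrasamples <= 1, so a caller that passed only one pointer for a single-sample image (previously harmless, because nothing after the first pointer was touched) now reads past the end of its argument list, which is undefined behaviour. If the intended contract is that callers always pass three pointers, say so in a comment above the `if` so the stricter behaviour is not a surprise. On the question raised in the message: if td_transferfunction[1] and td_transferfunction[2] are guaranteed to be NULL for images with a single colour sample (not visible in this hunk), the `if`/`else` could be replaced by three unconditional `*va_arg(ap, uint16**) = td->td_transferfunction[n];` assignments with the same effect; otherwise the branch as written is needed.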

-- 
Brian May <bam@debian.org>
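The following is an added example and is not code from the message above or from libtiff. It models the variadic contract the hunk changes with a small mock (`MockDir`, `mock_get_transferfunction` and the client helpers are hypothetical names) so that both fixes discussed in the message can be compared: the library-side change (write NULL into the second and third pointers) and the client-side change (pre-set the three pointers to NULL before calling). A non-NULL `garbage` address stands in for whatever an uninitialised client variable would hold.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the libtiff directory fields used by the
 * TIFFTAG_TRANSFERFUNCTION case; not libtiff's real TIFFDirectory. */
typedef struct {
    uint16_t samplesperpixel;
    uint16_t extrasamples;
    uint16_t *transferfunction[3];
} MockDir;

/* Mirrors the control flow of the patched hunk: the first table pointer is
 * always written, the second and third only when there is more than one
 * colour sample. With `patched` non-zero the else branch from the patch is
 * active and NULL is stored; with `patched` zero the caller's variables are
 * left untouched, as in the unpatched library. Always expects three
 * uint16_t** arguments, like the patched library. */
static int mock_get_transferfunction(const MockDir *td, int patched, ...)
{
    va_list ap;
    va_start(ap, patched);
    *va_arg(ap, uint16_t **) = td->transferfunction[0];
    if (td->samplesperpixel - td->extrasamples > 1) {
        *va_arg(ap, uint16_t **) = td->transferfunction[1];
        *va_arg(ap, uint16_t **) = td->transferfunction[2];
    } else if (patched) {
        *va_arg(ap, uint16_t **) = NULL;
        *va_arg(ap, uint16_t **) = NULL;
    }
    va_end(ap);
    return 1; /* TIFFGetField returns 1 when the tag is present */
}

/* Constructed sample tables; contents are irrelevant, only the addresses. */
static uint16_t table_r[4] = {0, 1, 2, 3};
static uint16_t table_g[4] = {0, 1, 2, 3};
static uint16_t table_b[4] = {0, 1, 2, 3};
static uint16_t garbage[1];   /* plays the role of an uninitialised pointer */

static MockDir make_gray_dir(void) { MockDir d = {1, 0, {table_r, NULL, NULL}}; return d; }
static MockDir make_rgb_dir(void)  { MockDir d = {3, 0, {table_r, table_g, table_b}}; return d; }

/* A client in the style of tiff2pdf: fetch the three tables and count how
 * many it would go on to use. `initial` is the value the client's variables
 * hold before the call: NULL models the client-side fix, `garbage` models an
 * uninitialised variable that the unpatched library never overwrites. */
static int client_usable_tables(const MockDir *td, int patched, uint16_t *initial)
{
    uint16_t *r = initial, *g = initial, *b = initial;
    int n = 0;
    mock_get_transferfunction(td, patched, &r, &g, &b);
    if (r) n++;
    if (g) n++;
    if (b) n++;
    return n;
}

/* Convenience wrappers: client_presets_null selects the client-side fix. */
static int usable_tables_gray(int patched, int client_presets_null)
{
    MockDir d = make_gray_dir();
    return client_usable_tables(&d, patched, client_presets_null ? NULL : garbage);
}

static int usable_tables_rgb(int patched, int client_presets_null)
{
    MockDir d = make_rgb_dir();
    return client_usable_tables(&d, patched, client_presets_null ? NULL : garbage);
}

int main(void)
{
    printf("gray, unpatched lib, uninitialised client: %d tables used (2 are stale)\n",
           usable_tables_gray(0, 0));
    printf("gray, unpatched lib, client pre-sets NULL: %d table used\n",
           usable_tables_gray(0, 1));
    printf("gray, patched lib:                         %d table used\n",
           usable_tables_gray(1, 0));
    printf("rgb, either way:                           %d tables used\n",
           usable_tables_rgb(1, 1));
    return 0;
}
```

Either fix brings the single-sample count down from three (two of them stale pointers) to one; the difference is who carries the burden. The library-side fix protects every caller but, as the mock makes explicit, it now reads three pointers from the argument list even for single-sample images, so any caller that passed only one pointer would itself be broken.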

