Re: CVE-2017-9935 / tiff
Brian May <bam@debian.org> writes:
> --- tiff-4.0.8.orig/libtiff/tif_dir.c
> +++ tiff-4.0.8/libtiff/tif_dir.c
> @@ -1065,6 +1065,9 @@
> if (td->td_samplesperpixel - td->td_extrasamples > 1) {
> *va_arg(ap, uint16**) = td->td_transferfunction[1];
> *va_arg(ap, uint16**) = td->td_transferfunction[2];
> + } else {
> + *va_arg(ap, uint16**) = NULL;
> + *va_arg(ap, uint16**) = NULL;
> }
> break;
> case TIFFTAG_REFERENCEBLACKWHITE:
>
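Review bot: The new else branch calls va_arg(ap, uint16**) twice unconditionally and writes through both results, so a caller that passes only one uint16** for the single-sample case now has two arguments read that were never supplied, which is undefined behaviour and a write through an indeterminate pointer. The old code consumed no further arguments when td_samplesperpixel - td_extrasamples was not greater than 1, so such callers worked before. Before shipping this, audit the callers of this tag to confirm each one always passes three pointers, and document on the getter that three are now required regardless of sample count. That also bears on the SONAME question, since the change is in how many arguments the function consumes, not only in what it stores.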
Not sure if this counts as an API change that requires a SONAME
update. I tend to think that if anything is depending on the 2nd and 3rd
parameter being left uninitialized for certain cases, it is seriously
broken.
--
Brian May <bam@debian.org>