
Re: CVE-2017-9935 / tiff



Brian May <bam@debian.org> writes:

> --- tiff-4.0.8.orig/libtiff/tif_dir.c
> +++ tiff-4.0.8/libtiff/tif_dir.c
> @@ -1065,6 +1065,9 @@
>  			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
>  				*va_arg(ap, uint16**) = td->td_transferfunction[1];
>  				*va_arg(ap, uint16**) = td->td_transferfunction[2];
> +			} else {
> +				*va_arg(ap, uint16**) = NULL;
> +				*va_arg(ap, uint16**) = NULL;
>  			}
>  			break;
>  		case TIFFTAG_REFERENCEBLACKWHITE:
>
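Review bot: the added else branch consumes two further variadic arguments unconditionally, so a caller that passed only one pointer when td->td_samplesperpixel - td->td_extrasamples is 1 or less now has va_arg reading arguments that were never supplied, followed by a NULL store through whatever value it finds. The old code tolerated that call form because it never read the 2nd and 3rd arguments in that case. Check the callers of this case for the one-pointer form, and state in the function's documentation that three pointers are always required and that the 2nd and 3rd may come back NULL, so callers test them before dereferencing. A short comment on the else saying why the outputs are cleared would also help.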

Not sure if this counts as an API change that requires a SONAME
update. I tend to think that if anything is depending on the 2nd and 3rd
parameter being left uninitialized for certain cases, it is seriously
broken.
-- 
Brian May <bam@debian.org>

