Re: CVE-2017-9935 / tiff

To: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
Subject: Re: CVE-2017-9935 / tiff
From: Brian May <bam@debian.org>
Date: Fri, 17 Nov 2017 15:45:07 +1100
Message-id: <[🔎] 87vai9h5t8.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 87y3n5h5zu.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 87375hkh65.fsf@prune.linuxpenguins.xyz> <[🔎] 20171114035243.v5kx2la3nkd2uz4x@connexer.com> <[🔎] 87zi7pic5c.fsf@prune.linuxpenguins.xyz> <[🔎] 87inechxo8.fsf@prune.linuxpenguins.xyz> <[🔎] 871skyhrd0.fsf@prune.linuxpenguins.xyz> <[🔎] 87y3n5h5zu.fsf@prune.linuxpenguins.xyz>

Brian May <bam@debian.org> writes:

> --- tiff-4.0.8.orig/libtiff/tif_dir.c
> +++ tiff-4.0.8/libtiff/tif_dir.c
> @@ -1065,6 +1065,9 @@
>  			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
>  				*va_arg(ap, uint16**) = td->td_transferfunction[1];
>  				*va_arg(ap, uint16**) = td->td_transferfunction[2];
> +			} else {
> +				*va_arg(ap, uint16**) = NULL;
> +				*va_arg(ap, uint16**) = NULL;
>  			}
>  			break;
>  		case TIFFTAG_REFERENCEBLACKWHITE:
>

Not sure if this counts as an API change that requires a SONAME
update. I tend to think that if anything is depending on the 2nd and 3rd
parameter being left uninitialized for certain cases, it is seriously
broken.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: CVE-2017-9935 / tiff
  - From: Roberto C. Sánchez <roberto@debian.org>

References:
- CVE-2017-9935 / tiff
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: CVE-2017-9935 / tiff
  - From: Roberto C. Sánchez <roberto@debian.org>
- Re: CVE-2017-9935 / tiff
  - From: Brian May <bam@debian.org>
- Re: CVE-2017-9935 / tiff
  - From: Brian May <bam@debian.org>
- Re: CVE-2017-9935 / tiff
  - From: Brian May <bam@debian.org>
- Re: CVE-2017-9935 / tiff
  - From: Brian May <bam@debian.org>

Prev by Date: Re: CVE-2017-9935 / tiff
Next by Date: Re: CVE-2017-9935 / tiff
Previous by thread: Re: CVE-2017-9935 / tiff
Next by thread: Re: CVE-2017-9935 / tiff
Index(es):
- Date
- Thread