TIFF and LibTiff Mailing List Archive
2010.12.06 20:09 "Re: Security vulnerability CVE-2010-3847", by Tom Lane

Lee Howard <faxguy@howardsilvan.com> writes:
> I've just now committed the in-line patch found on...
> http://bugzilla.maptools.org/show_bug.cgi?id=2228

I find the patch given in #2228 pretty unsatisfactory, as it's throwing away image quality to produce what seems no better than a cargo-cult solution to the problem. Turning off fancy upsampling doesn't affect the number of output pixels libjpeg produces. It would cause it to not *read* adjacent rows for averaging purposes, but if that causes a segfault then your problem is elsewhere. It is certainly not fixing the problem explained in #2140, which is that the required output buffer size is underestimated.

> ... I'm not sure if that small change resolves CVE-2010-3087. The
> various distros are using Tom Lane's patch on...
> http://bugzilla.maptools.org/show_bug.cgi?id=2140
> ... as a resolution to CVE-2010-3087.

> You can see on the bug report that Frank seemed to object to Tom's
> proposal on Bug 2140, so I think for the moment we're stuck there
> needing some further response from Frank on this. (Frank?)

For the record, *I* don't much like that patch either :-). I think it's OK for the limited purpose of stopping core dumps, but it's far from resolving all the issues complained of in #2140.

regards, tom lane