LibTIFF: remove a couple of patches
This CL removes two patches that correspond to non-security CF bugs.
There are now only a few patches left: two patches to prevent overflow
in _TIFFCheckRealloc (overflows here are dangerous as they can cause
heap-buffer-overflows), one patch to prevent integer overflows which CF
reported as a security issue, and one recent upstream patch (which would
be removed in the next LibTIFF upgrade).
Next steps:
* Figure out how to reproduce the security issue from _TIFFCheckRealloc
(samples from the bugs seem to just timeout on asan) and report bug
upstream once it's confirmed that a change is needed.
* Ditto integer overflow, except it was already reported upstream, so
ping upstream once reproduction without the patch is possible again.
Change-Id: I6f9096a6e69698d5ded6a59c4aca5e07b351e716
Reviewed-on: https://pdfium-review.googlesource.com/8532
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
diff --git a/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch b/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
deleted file mode 100644
index 0f9b168..0000000
--- a/third_party/libtiff/0005-Leak-TIFFFetchStripThing.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
-index a0dc68b..5ef3264 100644
---- a/third_party/libtiff/tif_dirread.c
-+++ b/third_party/libtiff/tif_dirread.c
-@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
- static const char module[] = "TIFFFetchStripThing";
- enum TIFFReadDirEntryErr err;
- uint64* data;
-+ _TIFFfree(*lpp);
-+ *lpp = 0;
- err=TIFFReadDirEntryLong8Array(tif,dir,&data);
- if (err!=TIFFReadDirEntryErrOk)
- {
diff --git a/third_party/libtiff/0007-uninitialized-value.patch b/third_party/libtiff/0007-uninitialized-value.patch
deleted file mode 100644
index f6e9806..0000000
--- a/third_party/libtiff/0007-uninitialized-value.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
-index 5ef3264..bc41021 100644
---- a/third_party/libtiff/tif_dirread.c
-+++ b/third_party/libtiff/tif_dirread.c
-@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
- static const char module[] = "TIFFFetchDirectory";
-
- void* origdir;
-- uint16 dircount16;
-+ uint16 dircount16 = 0;
- uint32 dirsize;
- TIFFDirEntry* dir;
- uint8* ma;
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index 285a628..d881207 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -11,9 +11,7 @@
0000-build-config.patch: Local build configuration changes.
0001-build-config.patch: Enable HAVE_SEARCH_H in tiffconf.h for VS 2015
-0005-Leak-TIFFFetchStripThing.patch: Fix a memory leak
0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
-0007-uninitialized-value.patch: Fix potentially uninitialized dircount value
0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch: Fix a heap buffer overflow
0017-safe_skews_in_gtTileContig.patch: return error if to/from skews overflow from int32.
0025-upstream-OOM-gtTileContig: allocates the decoded buffer only after a first successful TIFFFillStrip.
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index 385ed12..772ebaf 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -4491,7 +4491,7 @@
static const char module[] = "TIFFFetchDirectory";
void* origdir;
- uint16 dircount16 = 0;
+ uint16 dircount16;
uint32 dirsize;
TIFFDirEntry* dir;
uint8* ma;
@@ -5429,8 +5429,6 @@
static const char module[] = "TIFFFetchStripThing";
enum TIFFReadDirEntryErr err;
uint64* data;
- _TIFFfree(*lpp);
- *lpp = 0;
err=TIFFReadDirEntryLong8Array(tif,dir,&data);
if (err!=TIFFReadDirEntryErrOk)
{
