diff --git a/external/libtiff/0001-ofz-54685-Timeout.patch b/external/libtiff/0001-ofz-54685-Timeout.patch new file mode 100644 index 000000000000..e09b9679f083 --- /dev/null +++ b/external/libtiff/0001-ofz-54685-Timeout.patch @@ -0,0 +1,59 @@ +From caab95ab518aafbc985974098ad806f769c462ea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Fri, 20 Jan 2023 10:41:34 +0000 +Subject: [PATCH] ofz#54685 Timeout + +--- + libtiff/tif_ojpeg.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c +index 0c915de2..27b84611 100644 +--- a/libtiff/tif_ojpeg.c ++++ b/libtiff/tif_ojpeg.c +@@ -1312,6 +1312,34 @@ static int OJPEGReadSecondarySos(TIFF *tif, uint16_t s) + return (1); + } + ++// see also vcl/source/filter/jpeg/jpegc.cxx ++static void emitMessage(j_common_ptr cinfo, int msg_level) ++{ ++ if (msg_level < 0) ++ { ++ // https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf ++ // try to retain some degree of recoverability up to some reasonable ++ // limit (initially using ImageMagick's current limit of 1000), then ++ // bail. ++ const int WarningLimit = 1000; ++#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) ++ // ofz#50452 due to Timeouts, just abandon fuzzing on any ++ // JWRN_NOT_SEQUENTIAL ++ if (cinfo->err->msg_code == JWRN_NOT_SEQUENTIAL) ++ { ++ cinfo->err->error_exit(cinfo); ++ return; ++ } ++#endif ++ if (++cinfo->err->num_warnings > WarningLimit) ++ cinfo->err->error_exit(cinfo); ++ else ++ cinfo->err->output_message(cinfo); ++ } ++ else if (cinfo->err->trace_level >= msg_level) ++ cinfo->err->output_message(cinfo); ++} ++ + static int OJPEGWriteHeaderInfo(TIFF *tif) + { + static const char module[] = "OJPEGWriteHeaderInfo"; +@@ -1327,6 +1355,7 @@ static int OJPEGWriteHeaderInfo(TIFF *tif) + sp->libjpeg_jpeg_error_mgr.output_message = + OJPEGLibjpegJpegErrorMgrOutputMessage; + sp->libjpeg_jpeg_error_mgr.error_exit = OJPEGLibjpegJpegErrorMgrErrorExit; ++ sp->libjpeg_jpeg_error_mgr.emit_message = emitMessage; + sp->libjpeg_jpeg_decompress_struct.err = &(sp->libjpeg_jpeg_error_mgr); + sp->libjpeg_jpeg_decompress_struct.client_data = (void *)tif; + if (jpeg_create_decompress_encap( +-- +2.39.0 + diff --git a/external/libtiff/UnpackedTarball_libtiff.mk b/external/libtiff/UnpackedTarball_libtiff.mk index ce5a3a53d36a..f7eeb6ace868 100644 --- a/external/libtiff/UnpackedTarball_libtiff.mk +++ b/external/libtiff/UnpackedTarball_libtiff.mk @@ -11,10 +11,11 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,libtiff)) $(eval $(call gb_UnpackedTarball_set_tarball,libtiff,$(LIBTIFF_TARBALL))) -$(eval $(call gb_UnpackedTarball_set_patchlevel,libtiff,0)) +$(eval $(call gb_UnpackedTarball_set_patchlevel,libtiff,1)) $(eval $(call gb_UnpackedTarball_add_patches,libtiff,\ external/libtiff/libtiff.linknolibs.patch \ + external/libtiff/0001-ofz-54685-Timeout.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/libtiff/libtiff.linknolibs.patch b/external/libtiff/libtiff.linknolibs.patch index 0017ca9ca345..bd03af3a708d 100644 --- a/external/libtiff/libtiff.linknolibs.patch +++ b/external/libtiff/libtiff.linknolibs.patch @@ -1,5 +1,5 @@ ---- libtiff/Makefile.in 2022-05-21 15:32:48.069999327 +0100 -+++ libtiff/Makefile.in 2022-05-21 15:32:59.051499293 +0100 +--- a/libtiff/Makefile.in 2022-05-21 15:32:48.069999327 +0100 ++++ b/libtiff/Makefile.in 2022-05-21 15:32:59.051499293 +0100 @@ -372,7 +372,7 @@ LDFLAGS = @LDFLAGS@ LIBDIR = @LIBDIR@ diff --git a/vcl/source/filter/jpeg/jpegc.cxx b/vcl/source/filter/jpeg/jpegc.cxx index a3ce069cccf7..16c98003832f 100644 --- a/vcl/source/filter/jpeg/jpegc.cxx +++ b/vcl/source/filter/jpeg/jpegc.cxx @@ -81,6 +81,7 @@ static void outputMessage (j_common_ptr cinfo) extern "C" { +// see also external/libtiff/0001-ofz-54685-Timeout.patch static void emitMessage (j_common_ptr cinfo, int msg_level) { if (msg_level < 0)