Blame SOURCES/libtiff-tiffinfo-exif.patch

6456d8
Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory,
6456d8
because there isn't any.  Back-patched from an upstream 4.0.2 fix.
6456d8
6456d8
This is not a security issue in itself (it crashes, but with a simple NULL
6456d8
pointer dereference).  However, our test case for CVE-2012-5581 tickles this
6456d8
bug, so it seems easier to fix this than make a new test case.
6456d8
6456d8
6456d8
diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c
6456d8
--- tiff-3.9.4.orig/tools/tiffinfo.c	2010-06-08 14:50:44.000000000 -0400
6456d8
+++ tiff-3.9.4/tools/tiffinfo.c	2012-12-11 16:33:17.062228558 -0500
6456d8
@@ -49,7 +49,7 @@
6456d8
 int	stoponerr = 1;			/* stop on first read error */
6456d8
 
6456d8
 static	void usage(void);
6456d8
-static	void tiffinfo(TIFF*, uint16, long);
6456d8
+static	void tiffinfo(TIFF*, uint16, long, int);
6456d8
 
6456d8
 int
6456d8
 main(int argc, char* argv[])
6456d8
@@ -124,19 +124,20 @@
6456d8
 		if (tif != NULL) {
6456d8
 			if (dirnum != -1) {
6456d8
 				if (TIFFSetDirectory(tif, (tdir_t) dirnum))
6456d8
-					tiffinfo(tif, order, flags);
6456d8
+					tiffinfo(tif, order, flags, 1);
6456d8
 			} else if (diroff != 0) {
6456d8
 				if (TIFFSetSubDirectory(tif, diroff))
6456d8
-					tiffinfo(tif, order, flags);
6456d8
+					tiffinfo(tif, order, flags, 1);
6456d8
 			} else {
6456d8
 				do {
6456d8
 					uint32 offset;
6456d8
 
6456d8
-					tiffinfo(tif, order, flags);
6456d8
+					tiffinfo(tif, order, flags, 1);
6456d8
 					if (TIFFGetField(tif, TIFFTAG_EXIFIFD,
6456d8
 							 &offset)) {
6456d8
-						if (TIFFReadEXIFDirectory(tif, offset))
6456d8
-							tiffinfo(tif, order, flags);
6456d8
+						if (TIFFReadEXIFDirectory(tif, offset)) {
6456d8
+							tiffinfo(tif, order, flags, 0);
6456d8
+						}
6456d8
 					}
6456d8
 				} while (TIFFReadDirectory(tif));
6456d8
 			}
6456d8
@@ -426,10 +427,10 @@
6456d8
 }
6456d8
 
6456d8
 static void
6456d8
-tiffinfo(TIFF* tif, uint16 order, long flags)
6456d8
+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image)
6456d8
 {
6456d8
 	TIFFPrintDirectory(tif, stdout, flags);
6456d8
-	if (!readdata)
6456d8
+	if (!readdata || !is_image)
6456d8
 		return;
6456d8
 	if (rawdata) {
6456d8
 		if (order) {