rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8
  2.   SOURCES
  3.   0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch
Blob History Raw
12208d 
From b94f6754796d32e204b874b3660a125973815933 Mon Sep 17 00:00:00 2001
12208d 
From: Even Rouault <even.rouault@spatialys.com>
12208d 
Date: Sun, 6 Feb 2022 13:08:38 +0100
12208d 
Subject: [PATCH] (CVE-2022-0561) TIFFFetchStripThing(): avoid calling memcpy()
12208d 
 with a null source pointer and size of zero (fixes #362)
12208d
12208d 
(cherry picked from commit eecb0712f4c3a5b449f70c57988260a667ddbdef)
12208d 
---
12208d 
 libtiff/tif_dirread.c | 5 +++--
12208d 
 1 file changed, 3 insertions(+), 2 deletions(-)
12208d
12208d 
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
12208d 
index 80aaf8d1..1e6f1c2f 100644
12208d 
--- a/libtiff/tif_dirread.c
12208d 
+++ b/libtiff/tif_dirread.c
12208d 
@@ -5633,8 +5633,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
12208d 
 			_TIFFfree(data);
12208d 
 			return(0);
12208d 
 		}
12208d 
-                _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
12208d 
-                _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
12208d 
+		if( dir->tdir_count )
12208d 
+			_TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
12208d 
+		_TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
12208d 
 		_TIFFfree(data);
12208d 
 		data=resizeddata;
12208d 
 	}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation