Blame SOURCES/0021-CVE-2022-0561-TIFFFetchStripThing-avoid-calling-memc.patch
|
 |
edc570 |
From b94f6754796d32e204b874b3660a125973815933 Mon Sep 17 00:00:00 2001
|
|
|
edc570 |
From: Even Rouault <even.rouault@spatialys.com>
|
|
|
edc570 |
Date: Sun, 6 Feb 2022 13:08:38 +0100
|
|
|
edc570 |
Subject: [PATCH] (CVE-2022-0561) TIFFFetchStripThing(): avoid calling memcpy()
|
|
|
edc570 |
with a null source pointer and size of zero (fixes #362)
|
|
|
edc570 |
|
|
|
edc570 |
(cherry picked from commit eecb0712f4c3a5b449f70c57988260a667ddbdef)
|
|
|
edc570 |
---
|
|
|
edc570 |
libtiff/tif_dirread.c | 5 +++--
|
|
|
edc570 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
edc570 |
|
|
|
edc570 |
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
|
|
|
edc570 |
index 80aaf8d1..1e6f1c2f 100644
|
|
|
edc570 |
--- a/libtiff/tif_dirread.c
|
|
|
edc570 |
+++ b/libtiff/tif_dirread.c
|
|
|
edc570 |
@@ -5633,8 +5633,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
|
|
|
edc570 |
_TIFFfree(data);
|
|
|
edc570 |
return(0);
|
|
|
edc570 |
}
|
|
|
edc570 |
- _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
|
|
|
edc570 |
- _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
|
|
|
edc570 |
+ if( dir->tdir_count )
|
|
|
edc570 |
+ _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
|
|
|
edc570 |
+ _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
|
|
|
edc570 |
_TIFFfree(data);
|
|
|
edc570 |
data=resizeddata;
|
|
|
edc570 |
}
|
|
|
edc570 |
--
|
|
|
edc570 |
2.34.1
|
|
|
edc570 |
|