Blame SOURCES/0022-CVE-2022-0562-TIFFReadDirectory-avoid-calling-memcpy.patch
|
 |
edc570 |
From b7426cc131d837de8d139b8007f66f9db59c4f6a Mon Sep 17 00:00:00 2001
|
|
|
edc570 |
From: Even Rouault <even.rouault@spatialys.com>
|
|
|
edc570 |
Date: Sat, 5 Feb 2022 20:36:41 +0100
|
|
|
edc570 |
Subject: [PATCH] (CVE-2022-0562) TIFFReadDirectory(): avoid calling memcpy()
|
|
|
edc570 |
with a null source pointer and size of zero (fixes #362)
|
|
|
edc570 |
|
|
|
edc570 |
(cherry picked from commit 561599c99f987dc32ae110370cfdd7df7975586b)
|
|
|
edc570 |
---
|
|
|
edc570 |
libtiff/tif_dirread.c | 3 ++-
|
|
|
edc570 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
edc570 |
|
|
|
edc570 |
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
|
|
|
edc570 |
index 1e6f1c2f..d68aecc5 100644
|
|
|
edc570 |
--- a/libtiff/tif_dirread.c
|
|
|
edc570 |
+++ b/libtiff/tif_dirread.c
|
|
|
edc570 |
@@ -4083,7 +4083,8 @@ TIFFReadDirectory(TIFF* tif)
|
|
|
edc570 |
goto bad;
|
|
|
edc570 |
}
|
|
|
edc570 |
|
|
|
edc570 |
- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
|
|
|
edc570 |
+ if (old_extrasamples > 0)
|
|
|
edc570 |
+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
|
|
|
edc570 |
_TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
|
|
|
edc570 |
_TIFFfree(new_sampleinfo);
|
|
|
edc570 |
}
|
|
|
edc570 |
--
|
|
|
edc570 |
2.34.1
|
|
|
edc570 |
|