Blame SOURCES/0028-CVE-2022-0908-TIFFFetchNormalTag-avoid-calling-memcp.patch
|
 |
edc570 |
From e1ee7d9aa1936d5d2f8c7e1a453ad669ed6b38dd Mon Sep 17 00:00:00 2001
|
|
|
edc570 |
From: Even Rouault <even.rouault@spatialys.com>
|
|
|
edc570 |
Date: Thu, 17 Feb 2022 15:28:43 +0100
|
|
|
edc570 |
Subject: [PATCH] (CVE-2022-0908) TIFFFetchNormalTag(): avoid calling memcpy()
|
|
|
edc570 |
with a null source pointer and size of zero (fixes #383)
|
|
|
edc570 |
|
|
|
edc570 |
(cherry picked from commit a95b799f65064e4ba2e2dfc206808f86faf93e85)
|
|
|
edc570 |
---
|
|
|
edc570 |
libtiff/tif_dirread.c | 5 ++++-
|
|
|
edc570 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
edc570 |
|
|
|
edc570 |
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
|
|
|
edc570 |
index d68aecc5..b72e6a3b 100644
|
|
|
edc570 |
--- a/libtiff/tif_dirread.c
|
|
|
edc570 |
+++ b/libtiff/tif_dirread.c
|
|
|
edc570 |
@@ -4972,7 +4972,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
|
|
|
edc570 |
_TIFFfree(data);
|
|
|
edc570 |
return(0);
|
|
|
edc570 |
}
|
|
|
edc570 |
- _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
|
|
|
edc570 |
+ if (dp->tdir_count > 0 )
|
|
|
edc570 |
+ {
|
|
|
edc570 |
+ _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
|
|
|
edc570 |
+ }
|
|
|
edc570 |
o[(uint32)dp->tdir_count]=0;
|
|
|
edc570 |
if (data!=0)
|
|
|
edc570 |
_TIFFfree(data);
|
|
|
edc570 |
--
|
|
|
edc570 |
2.34.1
|
|
|
edc570 |
|