diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch new file mode 100644 index 0000000000..da3ead5481 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch | |||
@@ -0,0 +1,94 @@ | |||
1 | From 40b00cfb32256d377608b4d4cd30fac338d0a0bc Mon Sep 17 00:00:00 2001 | ||
2 | From: Augustus <wangdw.augustus@qq.com> | ||
3 | Date: Mon, 7 Mar 2022 18:21:49 +0800 | ||
4 | Subject: [PATCH] add checks for return value of limitMalloc (#392) | ||
5 | |||
6 | CVE: CVE-2022-0907 | ||
7 | Upstream-Status: Backport [https://sources.debian.org/src/tiff/4.1.0+git191117-2%7Edeb10u4/debian/patches/CVE-2022-0907.patch/] | ||
8 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
9 | Comment: No change in any hunk | ||
10 | |||
11 | --- | ||
12 | tools/tiffcrop.c | 33 +++++++++++++++++++++------------ | ||
13 | 1 file changed, 21 insertions(+), 12 deletions(-) | ||
14 | |||
15 | diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c | ||
16 | index f2e5474a..9b8acc7e 100644 | ||
17 | --- a/tools/tiffcrop.c | ||
18 | +++ b/tools/tiffcrop.c | ||
19 | @@ -7337,7 +7337,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) | ||
20 | if (!sect_buff) | ||
21 | { | ||
22 | sect_buff = (unsigned char *)_TIFFmalloc(sectsize); | ||
23 | - *sect_buff_ptr = sect_buff; | ||
24 | + if (!sect_buff) | ||
25 | + { | ||
26 | + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); | ||
27 | + return (-1); | ||
28 | + } | ||
29 | _TIFFmemset(sect_buff, 0, sectsize); | ||
30 | } | ||
31 | else | ||
32 | @@ -7353,15 +7357,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) | ||
33 | else | ||
34 | sect_buff = new_buff; | ||
35 | |||
36 | + if (!sect_buff) | ||
37 | + { | ||
38 | + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); | ||
39 | + return (-1); | ||
40 | + } | ||
41 | _TIFFmemset(sect_buff, 0, sectsize); | ||
42 | } | ||
43 | } | ||
44 | |||
45 | - if (!sect_buff) | ||
46 | - { | ||
47 | - TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); | ||
48 | - return (-1); | ||
49 | - } | ||
50 | prev_sectsize = sectsize; | ||
51 | *sect_buff_ptr = sect_buff; | ||
52 | |||
53 | @@ -7628,7 +7632,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, | ||
54 | if (!crop_buff) | ||
55 | { | ||
56 | crop_buff = (unsigned char *)_TIFFmalloc(cropsize); | ||
57 | - *crop_buff_ptr = crop_buff; | ||
58 | + if (!crop_buff) | ||
59 | + { | ||
60 | + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); | ||
61 | + return (-1); | ||
62 | + } | ||
63 | _TIFFmemset(crop_buff, 0, cropsize); | ||
64 | prev_cropsize = cropsize; | ||
65 | } | ||
66 | @@ -7644,15 +7652,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, | ||
67 | } | ||
68 | else | ||
69 | crop_buff = new_buff; | ||
70 | + if (!crop_buff) | ||
71 | + { | ||
72 | + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); | ||
73 | + return (-1); | ||
74 | + } | ||
75 | _TIFFmemset(crop_buff, 0, cropsize); | ||
76 | } | ||
77 | } | ||
78 | |||
79 | - if (!crop_buff) | ||
80 | - { | ||
81 | - TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); | ||
82 | - return (-1); | ||
83 | - } | ||
84 | *crop_buff_ptr = crop_buff; | ||
85 | |||
86 | if (crop->crop_mode & CROP_INVERT) | ||
87 | @@ -9211,3 +9219,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui | ||
88 | * fill-column: 78 | ||
89 | * End: | ||
90 | */ | ||
91 | + | ||
92 | -- | ||
93 | GitLab | ||
94 | |||