1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
new file mode 100644
index 0000000000..62a5e1831c
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
@@ -0,0 +1,33 @@
+From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
+From: xiaoxiaoafeifei <lliangliang2007@163.com>
+Date: Fri, 21 Apr 2023 13:01:34 +0000
+Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
+ applying zero offset to null pointer
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
+CVE: CVE-2023-2908
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 9d8267a..6389b40 100644
+--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
+@@ -145,10 +145,10 @@ static uint16
+ countInkNamesString(TIFF *tif, uint32 slen, const char *s)
+ {
+        uint16 i = 0;
+-       const char *ep = s + slen;
+-       const char *cp = s;
+ 
+        if (slen > 0) {
+               const char *ep = s + slen;
+               const char *cp = s;
+                do {
+                        for (; cp < ep && *cp != '\0'; cp++) {}
+                        if (cp >= ep)
+-- 
+2.25.1

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch new file mode 100644 index 0000000000..62a5e1831c --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
@@ -0,0 +1,33 @@
	1	From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
	2	From: xiaoxiaoafeifei <lliangliang2007@163.com>
	3	Date: Fri, 21 Apr 2023 13:01:34 +0000
	4	Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
	5	applying zero offset to null pointer
	6
	7	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
	8	CVE: CVE-2023-2908
	9	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	10	---
	11	libtiff/tif_dir.c \| 4 ++--
	12	1 file changed, 2 insertions(+), 2 deletions(-)
	13
	14	diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
	15	index 9d8267a..6389b40 100644
	16	--- a/libtiff/tif_dir.c
	17	+++ b/libtiff/tif_dir.c
	18	@@ -145,10 +145,10 @@ static uint16
	19	countInkNamesString(TIFF tif, uint32 slen, const char s)
	20	{
	21	uint16 i = 0;
	22	- const char *ep = s + slen;
	23	- const char *cp = s;
	24
	25	if (slen > 0) {
	26	+ const char *ep = s + slen;
	27	+ const char *cp = s;
	28	do {
	29	for (; cp < ep && *cp != '\0'; cp++) {}
	30	if (cp >= ep)
	31	--
	32	2.25.1
	33