1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch
new file mode 100644
index 0000000000..8db24fc714
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch
@@ -0,0 +1,59 @@
+From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 3 Feb 2023 17:38:55 +0100
+Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
+Closes #515
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536]
+CVE: CVE-2023-3316
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_close.c | 11 +++++++----
+ tools/tiffcrop.c    |  5 ++++-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
+index e4228df..335e80f 100644
+--- a/libtiff/tif_close.c
+++ b/libtiff/tif_close.c
+@@ -118,13 +118,16 @@ TIFFCleanup(TIFF* tif)
+  */
+ 
+ void
+-TIFFClose(TIFF* tif)
+TIFFClose(TIFF *tif)
+ {
+-       TIFFCloseProc closeproc = tif->tif_closeproc;
+-       thandle_t fd = tif->tif_clientdata;
+    if (tif != NULL)
+    {
+        TIFFCloseProc closeproc = tif->tif_closeproc;
+        thandle_t fd = tif->tif_clientdata;
+ 
+        TIFFCleanup(tif);
+-       (void) (*closeproc)(fd);
+        (void)(*closeproc)(fd);
+    }
+ }
+ 
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index a533089..f14bb0c 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -2526,7 +2526,10 @@ main(int argc, char* argv[])
+       }
+     }
+ 
+-  TIFFClose(out);
+    if (out != NULL)
+    {
+        TIFFClose(out);
+    }
+ 
+   return (0);
+   } /* end main */
+-- 
+2.25.1

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch new file mode 100644 index 0000000000..8db24fc714 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch
@@ -0,0 +1,59 @@
	1	From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
	2	From: Su_Laus <sulau@freenet.de>
	3	Date: Fri, 3 Feb 2023 17:38:55 +0100
	4	Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
	5
	6	Closes #515
	7
	8	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536]
	9	CVE: CVE-2023-3316
	10	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	11	---
	12	libtiff/tif_close.c \| 11 +++++++----
	13	tools/tiffcrop.c \| 5 ++++-
	14	2 files changed, 11 insertions(+), 5 deletions(-)
	15
	16	diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
	17	index e4228df..335e80f 100644
	18	--- a/libtiff/tif_close.c
	19	+++ b/libtiff/tif_close.c
	20	@@ -118,13 +118,16 @@ TIFFCleanup(TIFF* tif)
	21	*/
	22
	23	void
	24	-TIFFClose(TIFF* tif)
	25	+TIFFClose(TIFF *tif)
	26	{
	27	- TIFFCloseProc closeproc = tif->tif_closeproc;
	28	- thandle_t fd = tif->tif_clientdata;
	29	+ if (tif != NULL)
	30	+ {
	31	+ TIFFCloseProc closeproc = tif->tif_closeproc;
	32	+ thandle_t fd = tif->tif_clientdata;
	33
	34	TIFFCleanup(tif);
	35	- (void) (*closeproc)(fd);
	36	+ (void)(*closeproc)(fd);
	37	+ }
	38	}
	39
	40	/* vim: set ts=8 sts=8 sw=8 noet: */
	41	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
	42	index a533089..f14bb0c 100644
	43	--- a/tools/tiffcrop.c
	44	+++ b/tools/tiffcrop.c
	45	@@ -2526,7 +2526,10 @@ main(int argc, char* argv[])
	46	}
	47	}
	48
	49	- TIFFClose(out);
	50	+ if (out != NULL)
	51	+ {
	52	+ TIFFClose(out);
	53	+ }
	54
	55	return (0);
	56	} /* end main */
	57	--
	58	2.25.1
	59