1 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch
new file mode 100644
index 0000000000..fd67305c0b
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch
@@ -0,0 +1,47 @@
+From b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 5 May 2023 19:43:46 +0200
+Subject: [PATCH] Consider error return of writeSelections(). Fixes #553
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8]
+CVE: CVE-2023-3618
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 7121c7c..93b7f96 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -2437,9 +2437,15 @@ main(int argc, char* argv[])
+         {  /* Whole image or sections not based on output page size */
+         if (crop.selections > 0)
+           {
+-         writeSelections(in, &out, &crop, &image, &dump, seg_buffs,
+-                          mp, argv[argc - 1], &next_page, total_pages);
+-          }
+             if (writeSelections(in, &out, &crop, &image, &dump,
+                                 seg_buffs, mp, argv[argc - 1],
+                                 &next_page, total_pages))
+              {
+                TIFFError("main",
+                          "Unable to write new image selections");
+                exit(EXIT_FAILURE);
+              }
+         }
+        else  /* One file all images and sections */
+           {
+          if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1],
+@@ -7749,7 +7755,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+   /* Memory is freed before crop_buff_ptr is overwritten */
+     if (*crop_buff_ptr != NULL)
+     {
+-       _TIFFfree(*crop_buff_ptr);
+       _TIFFfree(*crop_buff_ptr);
+     }
+ 
+   /* process full image, no crop buffer needed */
+-- 
+2.25.1

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch new file mode 100644 index 0000000000..fd67305c0b --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch
@@ -0,0 +1,47 @@
	1	From b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 Mon Sep 17 00:00:00 2001
	2	From: Su_Laus <sulau@freenet.de>
	3	Date: Fri, 5 May 2023 19:43:46 +0200
	4	Subject: [PATCH] Consider error return of writeSelections(). Fixes #553
	5
	6	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8]
	7	CVE: CVE-2023-3618
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9	---
	10	tools/tiffcrop.c \| 14 ++++++++++----
	11	1 file changed, 10 insertions(+), 4 deletions(-)
	12
	13	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
	14	index 7121c7c..93b7f96 100644
	15	--- a/tools/tiffcrop.c
	16	+++ b/tools/tiffcrop.c
	17	@@ -2437,9 +2437,15 @@ main(int argc, char* argv[])
	18	{ /* Whole image or sections not based on output page size */
	19	if (crop.selections > 0)
	20	{
	21	- writeSelections(in, &out, &crop, &image, &dump, seg_buffs,
	22	- mp, argv[argc - 1], &next_page, total_pages);
	23	- }
	24	+ if (writeSelections(in, &out, &crop, &image, &dump,
	25	+ seg_buffs, mp, argv[argc - 1],
	26	+ &next_page, total_pages))
	27	+ {
	28	+ TIFFError("main",
	29	+ "Unable to write new image selections");
	30	+ exit(EXIT_FAILURE);
	31	+ }
	32	+ }
	33	else /* One file all images and sections */
	34	{
	35	if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1],
	36	@@ -7749,7 +7755,7 @@ createCroppedImage(struct image_data image, struct crop_mask crop,
	37	/* Memory is freed before crop_buff_ptr is overwritten */
	38	if (*crop_buff_ptr != NULL)
	39	{
	40	- _TIFFfree(*crop_buff_ptr);
	41	+ _TIFFfree(*crop_buff_ptr);
	42	}
	43
	44	/* process full image, no crop buffer needed */
	45	--
	46	2.25.1
	47