diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch')
| -rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch new file mode 100644 index 0000000000..6a62787648 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch | |||
| @@ -0,0 +1,59 @@ | |||
| 1 | From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Su_Laus <sulau@freenet.de> | ||
| 3 | Date: Thu, 25 Aug 2022 16:11:41 +0200 | ||
| 4 | Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options | ||
| 5 | with any PAGE_MODE_x option (fixes #411 and #413) | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S. | ||
| 11 | |||
| 12 | Code analysis: | ||
| 13 | |||
| 14 | With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[]. | ||
| 15 | In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) . | ||
| 16 | |||
| 17 | Execution of the else-clause often leads to buffer-overflows. | ||
| 18 | |||
| 19 | Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows. | ||
| 20 | |||
| 21 | The MR solves issues #411 and #413. | ||
| 22 | |||
| 23 | CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 | ||
| 24 | Upstream-Status: Backport | ||
| 25 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 26 | --- | ||
| 27 | doc/tools/tiffcrop.rst | 8 ++++++++ | ||
| 28 | tools/tiffcrop.c | 32 +++++++++++++++++++++++++------- | ||
| 29 | 2 files changed, 33 insertions(+), 7 deletions(-) | ||
| 30 | |||
| 31 | diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c | ||
| 32 | index 8fd856dc..41a2ea36 100644 | ||
| 33 | --- a/tools/tiffcrop.c | ||
| 34 | +++ b/tools/tiffcrop.c | ||
| 35 | @@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 | ||
| 36 | R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; | ||
| 37 | S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; | ||
| 38 | if (XY + Z + R + S > 1) { | ||
| 39 | - TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); | ||
| 40 | + TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit"); | ||
| 41 | exit(EXIT_FAILURE); | ||
| 42 | } | ||
| 43 | + | ||
| 44 | + /* Check for not allowed combination: | ||
| 45 | + * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options | ||
| 46 | + * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. | ||
| 47 | +. */ | ||
| 48 | + if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) { | ||
| 49 | + TIFFError("tiffcrop input error", | ||
| 50 | + "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit"); | ||
| 51 | + exit(EXIT_FAILURE); | ||
| 52 | + } | ||
| 53 | + | ||
| 54 | } /* end process_command_opts */ | ||
| 55 | |||
| 56 | /* Start a new output file if one has not been previously opened or | ||
| 57 | -- | ||
| 58 | 2.34.1 | ||
| 59 | |||