diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch new file mode 100644 index 0000000000..6a62787648 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001 | ||
2 | From: Su_Laus <sulau@freenet.de> | ||
3 | Date: Thu, 25 Aug 2022 16:11:41 +0200 | ||
4 | Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options | ||
5 | with any PAGE_MODE_x option (fixes #411 and #413) | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like -H, -V, -P, -J, -K or –S. | ||
11 | |||
12 | Code analysis: | ||
13 | |||
14 | With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[]. | ||
15 | In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with if (page.mode == PAGE_MODE_NONE) . | ||
16 | |||
17 | Execution of the else-clause often leads to buffer-overflows. | ||
18 | |||
19 | Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows. | ||
20 | |||
21 | The MR solves issues #411 and #413. | ||
22 | |||
23 | CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627 | ||
24 | Upstream-Status: Backport | ||
25 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
26 | --- | ||
27 | doc/tools/tiffcrop.rst | 8 ++++++++ | ||
28 | tools/tiffcrop.c | 32 +++++++++++++++++++++++++------- | ||
29 | 2 files changed, 33 insertions(+), 7 deletions(-) | ||
30 | |||
31 | diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c | ||
32 | index 8fd856dc..41a2ea36 100644 | ||
33 | --- a/tools/tiffcrop.c | ||
34 | +++ b/tools/tiffcrop.c | ||
35 | @@ -2138,9 +2143,20 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 | ||
36 | R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0; | ||
37 | S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0; | ||
38 | if (XY + Z + R + S > 1) { | ||
39 | - TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); | ||
40 | + TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit"); | ||
41 | exit(EXIT_FAILURE); | ||
42 | } | ||
43 | + | ||
44 | + /* Check for not allowed combination: | ||
45 | + * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options | ||
46 | + * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows. | ||
47 | +. */ | ||
48 | + if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) { | ||
49 | + TIFFError("tiffcrop input error", | ||
50 | + "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit"); | ||
51 | + exit(EXIT_FAILURE); | ||
52 | + } | ||
53 | + | ||
54 | } /* end process_command_opts */ | ||
55 | |||
56 | /* Start a new output file if one has not been previously opened or | ||
57 | -- | ||
58 | 2.34.1 | ||
59 | |||