diff options
Diffstat (limited to 'meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch new file mode 100644 index 0000000000..01ed5dcd24 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 | ||
2 | From: Even Rouault <even.rouault@spatialys.com> | ||
3 | Date: Sat, 5 Feb 2022 20:36:41 +0100 | ||
4 | Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null | ||
5 | source pointer and size of zero (fixes #362) | ||
6 | |||
7 | Upstream-Status: Backport | ||
8 | CVE: CVE-2022-0562 | ||
9 | Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> | ||
10 | Comment: Refreshed patch | ||
11 | --- | ||
12 | libtiff/tif_dirread.c | 3 ++- | ||
13 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c | ||
16 | index 2bbc4585..23194ced 100644 | ||
17 | --- a/libtiff/tif_dirread.c | ||
18 | +++ b/libtiff/tif_dirread.c | ||
19 | @@ -4126,7 +4126,8 @@ | ||
20 | goto bad; | ||
21 | } | ||
22 | |||
23 | - memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); | ||
24 | + if (old_extrasamples > 0) | ||
25 | + memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); | ||
26 | _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); | ||
27 | _TIFFfree(new_sampleinfo); | ||
28 | } | ||