1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
new file mode 100644
index 0000000000..74f9649fdf
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
@@ -0,0 +1,32 @@
+From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 6 Feb 2022 13:08:38 +0100
+Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+Upstream-Status: Backport
+CVE: CVE-2022-0561
+---
+ libtiff/tif_dirread.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 23194ced..50ebf8ac 100644
+--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
+@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
+                        _TIFFfree(data);
+                        return(0);
+                }
+-                _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+-                _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+               if( dir->tdir_count )
+                       _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+               _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+                _TIFFfree(data);
+                data=resizeddata;
+        }
+-- 
+GitLab

diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch new file mode 100644 index 0000000000..74f9649fdf --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
@@ -0,0 +1,32 @@
	1	From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
	2	From: Even Rouault <even.rouault@spatialys.com>
	3	Date: Sun, 6 Feb 2022 13:08:38 +0100
	4	Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
	5	source pointer and size of zero (fixes #362)
	6
	7	Upstream-Status: Backport
	8	CVE: CVE-2022-0561
	9
	10	---
	11	libtiff/tif_dirread.c \| 5 +++--
	12	1 file changed, 3 insertions(+), 2 deletions(-)
	13
	14	diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
	15	index 23194ced..50ebf8ac 100644
	16	--- a/libtiff/tif_dirread.c
	17	+++ b/libtiff/tif_dirread.c
	18	@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
	19	_TIFFfree(data);
	20	return(0);
	21	}
	22	- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
	23	- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
	24	+ if( dir->tdir_count )
	25	+ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
	26	+ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
	27	_TIFFfree(data);
	28	data=resizeddata;
	29	}
	30	--
	31	GitLab
	32