From ed35364de1e3ad444e6f954514ee68eb9be496d2 Mon Sep 17 00:00:00 2001
From: Lee Howard
Date: Mon, 19 May 2025 10:53:30 -0700
Subject: [PATCH 3/7] Don't skip the first line of the input image. Addresses issue #703
CVE: CVE-2025-8176
Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa]
Signed-off-by: Siddharth Doshi
---
 tools/tiffdither.c | 4 ++--
 tools/tiffmedian.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/tiffdither.c b/tools/tiffdither.c
index 714fe03..bfed6df 100644
--- a/tools/tiffdither.c
+++ b/tools/tiffdither.c
@@ -98,7 +98,7 @@ static int fsdither(TIFF *in, TIFF *out)
 nextptr = nextline;
 for (j = 0; j < imagewidth; ++j)
 *nextptr++ = *inptr++;
- for (i = 1; i < imagelength; ++i)
+ for (i = 0; i < imagelength; ++i)
 {
 tmpptr = thisline;
 thisline = nextline;
@@ -146,7 +146,7 @@ static int fsdither(TIFF *in, TIFF *out)
 nextptr[0] += v / 16;
 }
 }
- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
 goto skip_on_error;
 }
 goto exit_label;
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
index 02b0bc2..f6cf26c 100644
--- a/tools/tiffmedian.c
+++ b/tools/tiffmedian.c
@@ -917,7 +917,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
 outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
 GetInputLine(in, 0, goto bad); /* get first line */
- for (i = 1; i <= imagelength; ++i)
+ for (i = 0; i <= imagelength; ++i)
 {
 SWAP(short *, thisline, nextline);
 lastline = (i >= imax);
@@ -997,7 +997,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
 nextptr += 3;
 }
 }
- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
 break;
 }
 bad:
--
2.47.3
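Review bot: The priming copy of row 0 into `nextline` stays ahead of the loop in fsdither while the loop now starts at `i = 0`, so the first pass swaps that copy into `thisline` and writes it as row 0. If the body still loads scanline `i` into `nextline` after the swap (that read is outside this hunk), row 0 is read twice, each later output row `i` is derived from input row `i - 1`, and the last input row is never emitted. Please confirm against the full loop body; loading row `i + 1` only when `i` is not the last row would keep input and output rows aligned. The second tiffdither.c hunk, `TIFFWriteScanline(out, outline, i, 0)`, depends on the same alignment.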
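Review bot: The new loop header in quant_fsdither, `for (i = 0; i <= imagelength; ++i)`, keeps the inclusive upper bound, and the later tiffmedian.c hunk now writes row `i` instead of `i - 1`. The final pass with `i == imagelength` would therefore call `TIFFWriteScanline` for a row one past the image, unless the body outside these hunks exits first. Before the change the same bound produced rows 0 to imagelength - 1, so the bound should become exclusive: `for (i = 0; i < imagelength; ++i)`. Any input-row read inside the loop (not visible here) should be checked for the same off-by-one, since reading or writing a row index equal to the image length on attacker-supplied TIFFs is the kind of boundary error this CVE backport is meant to close.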