From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Sat, 2 Aug 2025 18:55:54 +0200
Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for 
 TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer 
 dereference.

Closes #718

CVE: CVE-2025-8534
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b]

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 tools/tiff2ps.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
index a598ede..05a346a 100644
--- a/tools/tiff2ps.c
+++ b/tools/tiff2ps.c
@@ -2193,10 +2193,20 @@ PS_Lvl2page(FILE* fd, TIFF* tif, uint32_t w, uint32_t h)
 	tiled_image = TIFFIsTiled(tif);
 	if (tiled_image) {
 		num_chunks = TIFFNumberOfTiles(tif);
-		TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
+		if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
+                {
+                   TIFFError(filename,
+                             "Can't read bytecounts of tiles at PS_Lvl2page()");
+                   return (FALSE);
+                }
 	} else {
 		num_chunks = TIFFNumberOfStrips(tif);
-		TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
+		if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
+                {
+                   TIFFError(filename,
+                             "Can't read bytecounts of strips at PS_Lvl2page()");
+                   return (FALSE);
+                 }
 	}
 
 	if (use_rawdata) {
@@ -2791,7 +2801,11 @@ PSRawDataBW(FILE* fd, TIFF* tif, uint32_t w, uint32_t h)
 
 	(void) w; (void) h;
 	TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
-	TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
+        if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
+        {
+           TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
+           return;
+        }
 
 	/*
 	 * Find largest strip:
-- 
2.40.0