Patrick Williams | 2390b1b | 2022-11-03 13:47:49 -0500 | [diff] [blame^] | 1 | CVE: CVE-2022-2953 |
Andrew Geissler | 87f5cff | 2022-09-30 13:13:31 -0500 | [diff] [blame] | 2 | Upstream-Status: Backport |
| 3 | Signed-off-by: Ross Burton <ross.burton@arm.com> |
| 4 | |
| 5 | From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001 |
| 6 | From: Su_Laus <sulau@freenet.de> |
| 7 | Date: Mon, 15 Aug 2022 22:11:03 +0200 |
| 8 | Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?= |
| 9 | =?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?= |
| 10 | =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?= |
| 11 | =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?= |
| 12 | =?UTF-8?q?Z=20and=20-z.?= |
| 13 | MIME-Version: 1.0 |
| 14 | Content-Type: text/plain; charset=UTF-8 |
| 15 | Content-Transfer-Encoding: 8bit |
| 16 | |
| 17 | This is now checked and ends tiffcrop if those arguments are not mutually exclusive. |
| 18 | |
| 19 | This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424 |
| 20 | --- |
| 21 | tools/tiffcrop.c | 31 ++++++++++++++++--------------- |
| 22 | 1 file changed, 16 insertions(+), 15 deletions(-) |
| 23 | |
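--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
 #define ROTATECW_270 32
 #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
 
-#define CROP_NONE 0
-#define CROP_MARGINS 1
-#define CROP_WIDTH 2
-#define CROP_LENGTH 4
-#define CROP_ZONES 8
-#define CROP_REGIONS 16
+#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
+#define CROP_MARGINS 1 /* "-m" */
+#define CROP_WIDTH 2 /* "-X" */
+#define CROP_LENGTH 4 /* "-Y" */
+#define CROP_ZONES 8 /* "-Z" */
+#define CROP_REGIONS 16 /* "-z" */
 #define CROP_ROTATE 32
 #define CROP_MIRROR 64
 #define CROP_INVERT 128
@@ -316,7 +316,7 @@ struct crop_mask {
 #define PAGE_MODE_RESOLUTION 1
 #define PAGE_MODE_PAPERSIZE 2
 #define PAGE_MODE_MARGINS 4
-#define PAGE_MODE_ROWSCOLS 8
+#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
 
 #define INVERT_DATA_ONLY 10
 #define INVERT_DATA_AND_TAG 11
@@ -781,7 +781,7 @@ static const char usage_info[] =
 " The four debug/dump options are independent, though it makes little sense to\n"
 " specify a dump file without specifying a detail level.\n"
 "\n"
-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
+"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
 " In no case should the options be applied to a given selection successively.\n"
 "\n"
 ;
@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
 /*NOTREACHED*/
 }
 }
- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
- char XY, Z, R;
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
+ char XY, Z, R, S;
 XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
 Z = (crop_data->crop_mode & CROP_ZONES);
 R = (crop_data->crop_mode & CROP_REGIONS);
- if ((XY && Z) || (XY && R) || (Z && R)) {
- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
+ S = (page->mode & PAGE_MODE_ROWSCOLS);
+ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
 exit(EXIT_FAILURE);
 }
 } /* end process_command_opts */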
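Review bot: In the last hunk the guard in process_command_opts keeps raw masked values in `char` flags (`S = (page->mode & PAGE_MODE_ROWSCOLS);`), which is correct only while every tested bit fits in a char; a flag valued 256 or higher would truncate to 0 and silently switch off the exclusivity check that this CVE-2022-2953 backport depends on. Normalise each flag, e.g. `S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;`, and replace the six pairwise terms with `if (XY + Z + R + S > 1) {`, so a future exclusive option cannot be left out of one pair. The check also assumes PAGE_MODE_ROWSCOLS is set in `page->mode` only when -S was given; that assignment is outside the hunk and should be confirmed. Nothing here adds a bounds check to the cropping code itself, so the fix appears to rest entirely on this argument validation. The function body starts outside the hunk.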
| 84 | -- |
| 85 | 2.34.1 |
| 86 | |