poky/meta/recipes-multimedia/libtiff/files/CVE-2022-0907.patch - openbmc/openbmc - Gitiles

 From 40b00cfb32256d377608b4d4cd30fac338d0a0bc Mon Sep 17 00:00:00 2001
 From: Augustus <wangdw.augustus@qq.com>
 Date: Mon, 7 Mar 2022 18:21:49 +0800
 Subject: [PATCH] add checks for return value of limitMalloc (#392)

 CVE: CVE-2022-0907
 Upstream-Status: Backport [https://sources.debian.org/src/tiff/4.1.0+git191117-2%7Edeb10u4/debian/patches/CVE-2022-0907.patch/]
 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
 Comment: No change in any hunk

 ---
  tools/tiffcrop.c | 33 +++++++++++++++++++++------------
  1 file changed, 21 insertions(+), 12 deletions(-)

 diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
 index f2e5474a..9b8acc7e 100644
 --- a/tools/tiffcrop.c
 +++ b/tools/tiffcrop.c
 @@ -7337,7 +7337,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
    if (!sect_buff)
      {
      sect_buff = (unsigned char *)_TIFFmalloc(sectsize);
 -    *sect_buff_ptr = sect_buff;
 +    if (!sect_buff)
 +    {
 +        TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
 +        return (-1);
 +    }
      _TIFFmemset(sect_buff, 0, sectsize);
      }
    else
 @@ -7353,15 +7357,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
        else
          sect_buff = new_buff;

 +      if (!sect_buff)
 +      {
 +          TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
 +          return (-1);
 +      }
        _TIFFmemset(sect_buff, 0, sectsize);
        }
      }

 -  if (!sect_buff)
 -    {
 -    TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
 -    return (-1);
 -    }
    prev_sectsize = sectsize;
    *sect_buff_ptr = sect_buff;

 @@ -7628,7 +7632,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
    if (!crop_buff)
      {
      crop_buff = (unsigned char *)_TIFFmalloc(cropsize);
 -    *crop_buff_ptr = crop_buff;
 +    if (!crop_buff)
 +    {
 +        TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
 +        return (-1);
 +    }
      _TIFFmemset(crop_buff, 0, cropsize);
      prev_cropsize = cropsize;
      }
 @@ -7644,15 +7652,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
          }
        else
          crop_buff = new_buff;
 +      if (!crop_buff)
 +      {
 +          TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
 +          return (-1);
 +      }
        _TIFFmemset(crop_buff, 0, cropsize);
        }
      }

 -  if (!crop_buff)
 -    {
 -    TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
 -    return (-1);
 -    }
    *crop_buff_ptr = crop_buff;

    if (crop->crop_mode & CROP_INVERT)
 @@ -9211,3 +9219,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui
   * fill-column: 78
   * End:
   */
 +
 --
 GitLab
	From 40b00cfb32256d377608b4d4cd30fac338d0a0bc Mon Sep 17 00:00:00 2001
	From: Augustus <wangdw.augustus@qq.com>
	Date: Mon, 7 Mar 2022 18:21:49 +0800
	Subject: [PATCH] add checks for return value of limitMalloc (#392)

	CVE: CVE-2022-0907
	Upstream-Status: Backport [https://sources.debian.org/src/tiff/4.1.0+git191117-2%7Edeb10u4/debian/patches/CVE-2022-0907.patch/]
	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	Comment: No change in any hunk

	---
	tools/tiffcrop.c \| 33 +++++++++++++++++++++------------
	1 file changed, 21 insertions(+), 12 deletions(-)

	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
	index f2e5474a..9b8acc7e 100644
	--- a/tools/tiffcrop.c
	+++ b/tools/tiffcrop.c
	@@ -7337,7 +7337,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
	if (!sect_buff)
	{
	sect_buff = (unsigned char *)_TIFFmalloc(sectsize);
	- *sect_buff_ptr = sect_buff;
	+ if (!sect_buff)
	+ {
	+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
	+ return (-1);
	+ }
	_TIFFmemset(sect_buff, 0, sectsize);
	}
	else
	@@ -7353,15 +7357,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
	else
	sect_buff = new_buff;

	+ if (!sect_buff)
	+ {
	+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
	+ return (-1);
	+ }
	_TIFFmemset(sect_buff, 0, sectsize);
	}
	}

	- if (!sect_buff)
	- {
	- TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
	- return (-1);
	- }
	prev_sectsize = sectsize;
	*sect_buff_ptr = sect_buff;

	@@ -7628,7 +7632,11 @@ createCroppedImage(struct image_data image, struct crop_mask crop,
	if (!crop_buff)
	{
	crop_buff = (unsigned char *)_TIFFmalloc(cropsize);
	- *crop_buff_ptr = crop_buff;
	+ if (!crop_buff)
	+ {
	+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
	+ return (-1);
	+ }
	_TIFFmemset(crop_buff, 0, cropsize);
	prev_cropsize = cropsize;
	}
	@@ -7644,15 +7652,15 @@ createCroppedImage(struct image_data image, struct crop_mask crop,
	}
	else
	crop_buff = new_buff;
	+ if (!crop_buff)
	+ {
	+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
	+ return (-1);
	+ }
	_TIFFmemset(crop_buff, 0, cropsize);
	}
	}

	- if (!crop_buff)
	- {
	- TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
	- return (-1);
	- }
	*crop_buff_ptr = crop_buff;

	if (crop->crop_mode & CROP_INVERT)
	@@ -9211,3 +9219,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui
	* fill-column: 78
	* End:
	*/
	+
	--
	GitLab