| Andrew Geissler | 7e0e3c0 | 2022-02-25 20:34:39 +0000 | [diff] [blame^] | 1 | From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 |
| 2 | From: Even Rouault <even.rouault@spatialys.com> |
| 3 | Date: Sat, 5 Feb 2022 20:36:41 +0100 |
| 4 | Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null |
| 5 | source pointer and size of zero (fixes #362) |
| 6 | |
| 7 | Upstream-Status: Backport |
| 8 | CVE: CVE-2022-0562 |
| 9 | |
| 10 | --- |
| 11 | libtiff/tif_dirread.c | 3 ++- |
| 12 | 1 file changed, 2 insertions(+), 1 deletion(-) |
| 13 | |
| 14 | diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c |
| 15 | index 2bbc4585..23194ced 100644 |
| 16 | --- a/libtiff/tif_dirread.c |
| 17 | +++ b/libtiff/tif_dirread.c |
| 18 | @@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) |
| 19 | goto bad; |
| 20 | } |
| 21 | |
| 22 | - memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); |
| 23 | + if (old_extrasamples > 0) |
| 24 | + memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); |
| 25 | _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); |
| 26 | _TIFFfree(new_sampleinfo); |
| 27 | } |
| 28 | -- |
| 29 | GitLab |
| 30 | |