Blame - poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch - openbmc/openbmc

blob: 74f9649fdf11ce182f96ed72dcf46110019f4221 [file] [log] [blame]

Andrew Geissler	7e0e3c0	2022-02-25 20:34:39 +0000	[diff] [blame^]	1	From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
				2	From: Even Rouault <even.rouault@spatialys.com>
				3	Date: Sun, 6 Feb 2022 13:08:38 +0100
				4	Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
				5	source pointer and size of zero (fixes #362)
				6
				7	Upstream-Status: Backport
				8	CVE: CVE-2022-0561
				9
				10	---
				11	libtiff/tif_dirread.c \| 5 +++--
				12	1 file changed, 3 insertions(+), 2 deletions(-)
				13
				14	diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
				15	index 23194ced..50ebf8ac 100644
				16	--- a/libtiff/tif_dirread.c
				17	+++ b/libtiff/tif_dirread.c
				18	@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
				19	_TIFFfree(data);
				20	return(0);
				21	}
				22	- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
				23	- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
				24	+ if( dir->tdir_count )
				25	+ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
				26	+ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
				27	_TIFFfree(data);
				28	data=resizeddata;
				29	}
				30	--
				31	GitLab
				32