Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 9aee50030142f0352e48fd0b14b3aab4e7efa158 / . / poky / meta / recipes-multimedia / libtiff / tiff / 0005-fix-the-FPE-in-tiffcrop-393.patch
blob: 64dbe9ef92ffabe875d7990f43d7a243939a8046 [file] [log] [blame]
Andrew Geissler9aee5002022-03-30 16:27:02 +0000[diff] [blame^]1CVE: CVE-2022-0909
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 4768355a074d562177e0a8b551c561d1af7eb74a Mon Sep 17 00:00:00 2001
6From: 4ugustus <wangdw.augustus@qq.com>
7Date: Tue, 8 Mar 2022 16:22:04 +0000
8Subject: [PATCH 5/6] fix the FPE in tiffcrop (#393)
9
10---
11 libtiff/tif_dir.c | 4 ++--
12 1 file changed, 2 insertions(+), 2 deletions(-)
13
14diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
15index a6c254fc..77da6ea4 100644
16--- a/libtiff/tif_dir.c
17+++ b/libtiff/tif_dir.c
18@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
19 break;
20 case TIFFTAG_XRESOLUTION:
21 dblval = va_arg(ap, double);
22- if( dblval < 0 )
23+ if( dblval != dblval || dblval < 0 )
24 goto badvaluedouble;
25 td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
26 break;
27 case TIFFTAG_YRESOLUTION:
28 dblval = va_arg(ap, double);
29- if( dblval < 0 )
30+ if( dblval != dblval || dblval < 0 )
31 goto badvaluedouble;
32 td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
33 break;
34--
352.25.1
36