| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 1 | From 293c8b0298e91d20ba51291e2351ab7d110671d0 Mon Sep 17 00:00:00 2001 |
| 2 | From: Even Rouault <even.rouault@spatialys.com> |
| 3 | Date: Sun, 31 Dec 2017 15:09:41 +0100 |
| 4 | Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer |
| 5 | dereference on corrupted file. Fixes |
| 6 | http://bugzilla.maptools.org/show_bug.cgi?id=2770 |
| 7 | |
| 8 | Upstream-Status: Backport |
| 9 | [https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01] |
| 10 | |
| 11 | CVE: CVE-2017-18013 |
| 12 | |
| 13 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
| 14 | --- |
| 15 | libtiff/tif_print.c | 8 ++++---- |
| 16 | 1 file changed, 4 insertions(+), 4 deletions(-) |
| 17 | |
| 18 | diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c |
| 19 | index 24d4b98..f494cfb 100644 |
| 20 | --- a/libtiff/tif_print.c |
| 21 | +++ b/libtiff/tif_print.c |
| 22 | @@ -667,13 +667,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) |
| 23 | #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) |
| 24 | fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", |
| 25 | (unsigned long) s, |
| 26 | - (unsigned __int64) td->td_stripoffset[s], |
| 27 | - (unsigned __int64) td->td_stripbytecount[s]); |
| 28 | + td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, |
| 29 | + td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); |
| 30 | #else |
| 31 | fprintf(fd, " %3lu: [%8llu, %8llu]\n", |
| 32 | (unsigned long) s, |
| 33 | - (unsigned long long) td->td_stripoffset[s], |
| 34 | - (unsigned long long) td->td_stripbytecount[s]); |
| 35 | + td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, |
| 36 | + td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); |
| 37 | #endif |
| 38 | } |
| 39 | } |
| 40 | -- |
| 41 | 2.7.4 |
| 42 | |