| CVE: CVE-2022-0865 |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@arm.com> |
| |
| From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001 |
| From: Even Rouault <even.rouault@spatialys.com> |
| Date: Thu, 24 Feb 2022 22:26:02 +0100 |
| Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple |
| IFD in memory-mapped mode and when bit reversal is needed (fixes #385) |
| |
| --- |
| libtiff/tif_jbig.c | 10 ++++++++++ |
| 1 file changed, 10 insertions(+) |
| |
| diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c |
| index 74086338..8bfa4cef 100644 |
| --- a/libtiff/tif_jbig.c |
| +++ b/libtiff/tif_jbig.c |
| @@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme) |
| */ |
| tif->tif_flags |= TIFF_NOBITREV; |
| tif->tif_flags &= ~TIFF_MAPPED; |
| + /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and |
| + * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial |
| + * value to be consistent with the state of a non-memory mapped file. |
| + */ |
| + if (tif->tif_flags&TIFF_BUFFERMMAP) { |
| + tif->tif_rawdata = NULL; |
| + tif->tif_rawdatasize = 0; |
| + tif->tif_flags &= ~TIFF_BUFFERMMAP; |
| + tif->tif_flags |= TIFF_MYBUFFER; |
| + } |
| |
| /* Setup the function pointers for encode, decode, and cleanup. */ |
| tif->tif_setupdecode = JBIGSetupDecode; |
| -- |
| 2.25.1 |
| |