| From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 |
| From: Even Rouault <even.rouault@spatialys.com> |
| Date: Sat, 5 Feb 2022 20:36:41 +0100 |
| Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null |
| source pointer and size of zero (fixes #362) |
| |
| Upstream-Status: Backport |
| CVE: CVE-2022-0562 |
| |
| --- |
| libtiff/tif_dirread.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c |
| index 2bbc4585..23194ced 100644 |
| --- a/libtiff/tif_dirread.c |
| +++ b/libtiff/tif_dirread.c |
| @@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) |
| goto bad; |
| } |
| |
| - memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); |
| + if (old_extrasamples > 0) |
| + memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); |
| _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); |
| _TIFFfree(new_sampleinfo); |
| } |
| -- |
| GitLab |
| |