60 lines
1.8 KiB
Diff
60 lines
1.8 KiB
Diff
Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory,
|
|
because there isn't any. Back-patched from an upstream 4.0.2 fix.
|
|
|
|
This is not a security issue in itself (it crashes, but with a simple NULL
|
|
pointer dereference). However, our test case for CVE-2012-5581 tickles this
|
|
bug, so it seems easier to fix this than make a new test case.
|
|
|
|
|
|
diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c
|
|
--- tiff-3.9.4.orig/tools/tiffinfo.c 2010-06-08 14:50:44.000000000 -0400
|
|
+++ tiff-3.9.4/tools/tiffinfo.c 2012-12-11 16:33:17.062228558 -0500
|
|
@@ -49,7 +49,7 @@
|
|
int stoponerr = 1; /* stop on first read error */
|
|
|
|
static void usage(void);
|
|
-static void tiffinfo(TIFF*, uint16, long);
|
|
+static void tiffinfo(TIFF*, uint16, long, int);
|
|
|
|
int
|
|
main(int argc, char* argv[])
|
|
@@ -124,19 +124,20 @@
|
|
if (tif != NULL) {
|
|
if (dirnum != -1) {
|
|
if (TIFFSetDirectory(tif, (tdir_t) dirnum))
|
|
- tiffinfo(tif, order, flags);
|
|
+ tiffinfo(tif, order, flags, 1);
|
|
} else if (diroff != 0) {
|
|
if (TIFFSetSubDirectory(tif, diroff))
|
|
- tiffinfo(tif, order, flags);
|
|
+ tiffinfo(tif, order, flags, 1);
|
|
} else {
|
|
do {
|
|
uint32 offset;
|
|
|
|
- tiffinfo(tif, order, flags);
|
|
+ tiffinfo(tif, order, flags, 1);
|
|
if (TIFFGetField(tif, TIFFTAG_EXIFIFD,
|
|
&offset)) {
|
|
- if (TIFFReadEXIFDirectory(tif, offset))
|
|
- tiffinfo(tif, order, flags);
|
|
+ if (TIFFReadEXIFDirectory(tif, offset)) {
|
|
+ tiffinfo(tif, order, flags, 0);
|
|
+ }
|
|
}
|
|
} while (TIFFReadDirectory(tif));
|
|
}
|
|
@@ -426,10 +427,10 @@
|
|
}
|
|
|
|
static void
|
|
-tiffinfo(TIFF* tif, uint16 order, long flags)
|
|
+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image)
|
|
{
|
|
TIFFPrintDirectory(tif, stdout, flags);
|
|
- if (!readdata)
|
|
+ if (!readdata || !is_image)
|
|
return;
|
|
if (rawdata) {
|
|
if (order) {
|