29 lines
999 B
Diff
29 lines
999 B
Diff
|
From cadce9836463df5653b573eff47fddadc23431c5 Mon Sep 17 00:00:00 2001
|
||
|
From: Even Rouault <even.rouault@spatialys.com>
|
||
|
Date: Sat, 21 Jan 2023 15:58:10 +0000
|
||
|
Subject: [PATCH] (CVE-2022-48281) tiffcrop: Correct simple copy paste error.
|
||
|
Fix #488.
|
||
|
|
||
|
Closes #488
|
||
|
|
||
|
See merge request libtiff/libtiff!459
|
||
|
|
||
|
(cherry picked from commit d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5)
|
||
|
---
|
||
|
tools/tiffcrop.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
||
|
index 70d56e55..57940697 100644
|
||
|
--- a/tools/tiffcrop.c
|
||
|
+++ b/tools/tiffcrop.c
|
||
|
@@ -7741,7 +7741,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
|
||
|
crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
|
||
|
else
|
||
|
{
|
||
|
- prev_cropsize = seg_buffs[0].size;
|
||
|
+ prev_cropsize = seg_buffs[i].size;
|
||
|
if (prev_cropsize < cropsize)
|
||
|
{
|
||
|
next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
|