From b7426cc131d837de8d139b8007f66f9db59c4f6a Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sat, 5 Feb 2022 20:36:41 +0100 Subject: [PATCH] (CVE-2022-0562) TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero (fixes #362) (cherry picked from commit 561599c99f987dc32ae110370cfdd7df7975586b) --- libtiff/tif_dirread.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 1e6f1c2f..d68aecc5 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -4083,7 +4083,8 @@ TIFFReadDirectory(TIFF* tif) goto bad; } - memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); + if (old_extrasamples > 0) + memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); _TIFFfree(new_sampleinfo); }