From 186a46ebfe483703e3120e825fc5f3eb26a1c0f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Mu=C5=BEila?= Date: Tue, 8 Aug 2023 15:42:54 +0200 Subject: [PATCH] (CVE-2023-3576) Fix memory leak in tiffcrop.c See merge request libtiff/libtiff!475 (cherry picked from commit 1d5b1181c980090a6518f11e61a18b0e268bf31a) --- tools/tiffcrop.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c index 07fc7ea3..be72ec52 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -7922,9 +7922,14 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, read_buff = *read_buff_ptr; - /* process full image, no crop buffer needed */ - crop_buff = read_buff; - *crop_buff_ptr = read_buff; + /* Memory is freed before crop_buff_ptr is overwritten */ + if (*crop_buff_ptr != NULL ) + { + _TIFFfree(*crop_buff_ptr); + } + + /* process full image, no crop buffer needed */ + *crop_buff_ptr = read_buff; crop->combined_width = image->width; crop->combined_length = image->length;