33d4233efd
Backport upstream fix for CVE-2025-8176 to prevent skipping the first
line of input images in tiffdither and tiffmedian tools. The patch
corrects loop initialization and scanline writing parameters to ensure
all image lines are processed correctly.
CVE: CVE-2025-8176
Upstream fix: fe10872e53.patch
Resolves: RHEL-120230
This commit was backported by Jotnar, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Jotnar
71 lines
2.0 KiB
Diff
71 lines
2.0 KiB
Diff
From 0117a16f9c0b6e3462b8547fa56ea90f3e198b10 Mon Sep 17 00:00:00 2001
|
|
From: Lee Howard <faxguy@howardsilvan.com>
|
|
Date: Mon, 19 May 2025 10:53:30 -0700
|
|
Subject: [PATCH] Don't skip the first line of the input image. Addresses issue
|
|
#703
|
|
|
|
---
|
|
tools/tiffdither.c | 4 ++--
|
|
tools/tiffmedian.c | 9 ++++++---
|
|
2 files changed, 8 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/tools/tiffdither.c b/tools/tiffdither.c
|
|
index 247553c..cc41c51 100644
|
|
--- a/tools/tiffdither.c
|
|
+++ b/tools/tiffdither.c
|
|
@@ -93,7 +93,7 @@ fsdither(TIFF* in, TIFF* out)
|
|
nextptr = nextline;
|
|
for (j = 0; j < imagewidth; ++j)
|
|
*nextptr++ = *inptr++;
|
|
- for (i = 1; i < imagelength; ++i) {
|
|
+ for (i = 0; i < imagelength; ++i) {
|
|
tmpptr = thisline;
|
|
thisline = nextline;
|
|
nextline = tmpptr;
|
|
@@ -136,7 +136,7 @@ fsdither(TIFF* in, TIFF* out)
|
|
nextptr[0] += v / 16;
|
|
}
|
|
}
|
|
- if (TIFFWriteScanline(out, outline, i-1, 0) < 0)
|
|
+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
|
|
goto skip_on_error;
|
|
}
|
|
goto exit_label;
|
|
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
|
|
index f0c892e..99fd1f2 100644
|
|
--- a/tools/tiffmedian.c
|
|
+++ b/tools/tiffmedian.c
|
|
@@ -370,7 +370,10 @@ get_histogram(TIFF* in, Colorbox* box)
|
|
}
|
|
for (i = 0; i < imagelength; i++) {
|
|
if (TIFFReadScanline(in, inputline, i, 0) <= 0)
|
|
- break;
|
|
+ {
|
|
+ fprintf(stderr, "Error reading scanline\n");
|
|
+ exit(EXIT_FAILURE);
|
|
+ }
|
|
inptr = inputline;
|
|
for (j = imagewidth; j-- > 0;) {
|
|
red = (*inptr++) & 0xff >> COLOR_SHIFT;
|
|
@@ -829,7 +832,7 @@ quant_fsdither(TIFF* in, TIFF* out)
|
|
outline = (unsigned char *) _TIFFmalloc(TIFFScanlineSize(out));
|
|
|
|
GetInputLine(in, 0, goto bad); /* get first line */
|
|
- for (i = 1; i <= imagelength; ++i) {
|
|
+ for (i = 0; i < imagelength; ++i) {
|
|
SWAP(short *, thisline, nextline);
|
|
lastline = (i >= imax);
|
|
if (i <= imax)
|
|
@@ -900,7 +903,7 @@ quant_fsdither(TIFF* in, TIFF* out)
|
|
nextptr += 3;
|
|
}
|
|
}
|
|
- if (TIFFWriteScanline(out, outline, i-1, 0) < 0)
|
|
+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
|
|
break;
|
|
}
|
|
bad:
|
|
--
|
|
2.47.3
|
|
|