rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c8s
libtiff/libtiff-4.6.0-CVE-2024-7006.patch
Michal Hlavinka 21cdd75b44 fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52927) 
Resolves: RHEL-52927
2024-08-29 23:49:28 +02:00

47 lines
2.0 KiB
Diff
Raw Permalink Blame History

diff -up tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 tiff-4.4.0/libtiff/tif_dirinfo.c
--- tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 2024-08-16 00:35:35.339965778 +0200
+++ tiff-4.4.0/libtiff/tif_dirinfo.c 2024-08-16 00:54:58.255221954 +0200
@@ -824,7 +824,7 @@ _TIFFFindOrRegisterField(TIFF *tif, uint
fld = TIFFFindField(tif, tag, dt);
if (fld == NULL) {
fld = _TIFFCreateAnonField(tif, tag, dt);
- if (!_TIFFMergeFields(tif, fld, 1))
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
return NULL;
}
diff -up tiff-4.0.9/libtiff/tif_dirread.c~ tiff-4.0.9/libtiff/tif_dirread.c
--- tiff-4.0.9/libtiff/tif_dirread.c~ 2024-08-29 23:31:19.884308223 +0200
+++ tiff-4.0.9/libtiff/tif_dirread.c 2024-08-29 23:31:19.909308479 +0200
@@ -3667,11 +3667,10 @@ TIFFReadDirectory(TIFF* tif)
dp->tdir_tag,dp->tdir_tag);
/* the following knowingly leaks the
anonymous field structure */
- if (!_TIFFMergeFields(tif,
- _TIFFCreateAnonField(tif,
- dp->tdir_tag,
- (TIFFDataType) dp->tdir_type),
- 1)) {
+ const TIFFField *fld = _TIFFCreateAnonField(
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+ {
TIFFWarningExt(tif->tif_clientdata,
module,
"Registering anonymous field with tag %d (0x%x) failed",
@@ -4392,10 +4391,10 @@ TIFFReadCustomDirectory(TIFF* tif, toff_
TIFFWarningExt(tif->tif_clientdata, module,
"Unknown field with tag %d (0x%x) encountered",
dp->tdir_tag, dp->tdir_tag);
- if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
- dp->tdir_tag,
- (TIFFDataType) dp->tdir_type),
- 1)) {
+ const TIFFField *fld = _TIFFCreateAnonField(
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+ {
TIFFWarningExt(tif->tif_clientdata, module,
"Registering anonymous field with tag %d (0x%x) failed",
dp->tdir_tag, dp->tdir_tag);
Reference in New Issue View Git Blame Copy Permalink