56 lines
1.2 KiB
Diff
56 lines
1.2 KiB
Diff
From 9a0ec729ad38af873eac5d896cb38219cb50d49c Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
|
|
Date: Tue, 1 Aug 2023 16:04:17 +0200
|
|
Subject: [PATCH] (CVE-2023-3316) TIFFClose() avoid NULL pointer dereferencing.
|
|
fix#515
|
|
|
|
Closes #515
|
|
|
|
(cherry picked from commit f171d7a2cd50e34975036748a395c156d32d9235)
|
|
---
|
|
libtiff/tif_close.c | 6 ++++--
|
|
tools/tiffcrop.c | 7 +++++--
|
|
2 files changed, 9 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
|
|
index 04977bc7..6c9f7349 100644
|
|
--- a/libtiff/tif_close.c
|
|
+++ b/libtiff/tif_close.c
|
|
@@ -125,13 +125,15 @@ TIFFCleanup(TIFF* tif)
|
|
void
|
|
TIFFClose(TIFF* tif)
|
|
{
|
|
- TIFFCloseProc closeproc = tif->tif_closeproc;
|
|
+ if (tif != NULL)
|
|
+ {
|
|
+ TIFFCloseProc closeproc = tif->tif_closeproc;
|
|
thandle_t fd = tif->tif_clientdata;
|
|
|
|
TIFFCleanup(tif);
|
|
(void) (*closeproc)(fd);
|
|
}
|
|
-
|
|
+}
|
|
/* vim: set ts=8 sts=8 sw=8 noet: */
|
|
|
|
/*
|
|
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
|
index d9b91e4e..07fc7ea3 100644
|
|
--- a/tools/tiffcrop.c
|
|
+++ b/tools/tiffcrop.c
|
|
@@ -2553,9 +2553,12 @@ main(int argc, char* argv[])
|
|
}
|
|
}
|
|
|
|
- TIFFClose(out);
|
|
+ if (out != NULL)
|
|
+ {
|
|
+ TIFFClose(out);
|
|
+ }
|
|
|
|
- return (0);
|
|
+ return (0);
|
|
} /* end main */
|
|
|
|
|