35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From 186a46ebfe483703e3120e825fc5f3eb26a1c0f5 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
|
|
Date: Tue, 8 Aug 2023 15:42:54 +0200
|
|
Subject: [PATCH] (CVE-2023-3576) Fix memory leak in tiffcrop.c
|
|
|
|
See merge request libtiff/libtiff!475
|
|
|
|
(cherry picked from commit 1d5b1181c980090a6518f11e61a18b0e268bf31a)
|
|
---
|
|
tools/tiffcrop.c | 11 ++++++++---
|
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
|
index 07fc7ea3..be72ec52 100644
|
|
--- a/tools/tiffcrop.c
|
|
+++ b/tools/tiffcrop.c
|
|
@@ -7922,9 +7922,14 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
|
|
|
|
read_buff = *read_buff_ptr;
|
|
|
|
- /* process full image, no crop buffer needed */
|
|
- crop_buff = read_buff;
|
|
- *crop_buff_ptr = read_buff;
|
|
+ /* Memory is freed before crop_buff_ptr is overwritten */
|
|
+ if (*crop_buff_ptr != NULL )
|
|
+ {
|
|
+ _TIFFfree(*crop_buff_ptr);
|
|
+ }
|
|
+
|
|
+ /* process full image, no crop buffer needed */
|
|
+ *crop_buff_ptr = read_buff;
|
|
crop->combined_width = image->width;
|
|
crop->combined_length = image->length;
|
|
|