31 lines
1.2 KiB
Diff
31 lines
1.2 KiB
Diff
From b94f6754796d32e204b874b3660a125973815933 Mon Sep 17 00:00:00 2001
|
|
From: Even Rouault <even.rouault@spatialys.com>
|
|
Date: Sun, 6 Feb 2022 13:08:38 +0100
|
|
Subject: [PATCH] (CVE-2022-0561) TIFFFetchStripThing(): avoid calling memcpy()
|
|
with a null source pointer and size of zero (fixes #362)
|
|
|
|
(cherry picked from commit eecb0712f4c3a5b449f70c57988260a667ddbdef)
|
|
---
|
|
libtiff/tif_dirread.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
|
|
index 80aaf8d1..1e6f1c2f 100644
|
|
--- a/libtiff/tif_dirread.c
|
|
+++ b/libtiff/tif_dirread.c
|
|
@@ -5633,8 +5633,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
|
|
_TIFFfree(data);
|
|
return(0);
|
|
}
|
|
- _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
|
|
- _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
|
|
+ if( dir->tdir_count )
|
|
+ _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
|
|
+ _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
|
|
_TIFFfree(data);
|
|
data=resizeddata;
|
|
}
|
|
--
|
|
2.34.1
|
|
|