27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
|
|
From: Su Laus <sulau@freenet.de>
|
|
Date: Sat, 21 Jan 2023 15:58:10 +0000
|
|
Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
|
|
|
|
|
|
Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz]
|
|
CVE: CVE-2022-48281
|
|
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
|
|
---
|
|
tools/tiffcrop.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: tiff-4.2.0/tools/tiffcrop.c
|
|
===================================================================
|
|
--- tiff-4.2.0.orig/tools/tiffcrop.c
|
|
+++ tiff-4.2.0/tools/tiffcrop.c
|
|
@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data
|
|
crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
|
|
else
|
|
{
|
|
- prev_cropsize = seg_buffs[0].size;
|
|
+ prev_cropsize = seg_buffs[1].size;
|
|
if (prev_cropsize < cropsize)
|
|
{
|
|
next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
|