HYL/HYL_OK3568_LINUX
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
HYL_OK3568_LINUX/yocto/poky/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
HYL c6e7b553e6 first commit
2025-05-10 21:49:39 +08:00

30 lines
1.2 KiB
Diff
Raw Blame History

From 895867b72bd6c46da79de1a07d0993cd104e92cd Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 6 Feb 2022 13:08:38 +0100
Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
source pointer and size of zero (fixes #362)
Upstream-Status: Backport
CVE: CVE-2022-0561
---
libtiff/tif_dirread.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index ae52ad4..d654a1c 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5766,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ if( dir->tdir_count )
+ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
_TIFFfree(data);
data=resizeddata;
}
Reference in New Issue View Git Blame Copy Permalink