!47 fix CVE-2022-0908

From: @yangcheng1203 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
openeuler-ci-bot 2022-03-22 15:18:50 +00:00 committed by Gitee
commit ff5d12d526
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 40 additions and 4 deletions

@ -0,0 +1,29 @@
From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 17 Feb 2022 15:28:43 +0100
Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null
source pointer and size of zero (fixes #383)
---
libtiff/tif_dirread.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 28a7992..b9b4079 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5021,7 +5021,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ if (dp->tdir_count > 0 )
+ {
+ _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ }
o[(uint32)dp->tdir_count]=0;
if (data!=0)
_TIFFfree(data);
--
2.27.0
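Review bot: The new guard in TIFFFetchNormalTag() tests only dp->tdir_count > 0, while the patch subject is about a null source pointer and the context line "if (data!=0)" just below shows that data can be null at this point. If a non-zero count with a null data cannot happen, state that invariant in a short comment above the new if; otherwise test data as well before calling _TIFFmemcpy(). The condition also compares the uncast dp->tdir_count, whereas the copy length and the terminator index both use (uint32)dp->tdir_count; using the same expression in all three places would keep them consistent. Minor style point: drop the stray space in "> 0 )".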

@ -1,6 +1,6 @@
Name: libtiff Name: libtiff
Version: 4.1.0 Version: 4.1.0
Release: 6 Release: 7
Summary: TIFF Library and Utilities Summary: TIFF Library and Utilities
License: libtiff License: libtiff
URL: https://www.simplesystems.org/libtiff/ URL: https://www.simplesystems.org/libtiff/
@ -15,6 +15,7 @@ Patch6005: backport-0001-CVE-2022-22844.patch
Patch6006: backport-0002-CVE-2022-22844.patch Patch6006: backport-0002-CVE-2022-22844.patch
Patch6007: backport-0003-CVE-2022-22844.patch Patch6007: backport-0003-CVE-2022-22844.patch
Patch6008: backport-CVE-2022-0891.patch Patch6008: backport-CVE-2022-0891.patch
Patch6009: backport-CVE-2022-0908.patch
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
BuildRequires: libtool automake autoconf pkgconfig git BuildRequires: libtool automake autoconf pkgconfig git
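Review bot: Patch6009 is declared here, but none of the visible spec hunks touches %prep, so please confirm that the spec applies its patches automatically (for example through %autosetup) and that backport-CVE-2022-0908.patch is really applied during the build. If the patches are applied one by one, a matching %patch line for 6009 is missing from this change.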
@ -121,6 +122,12 @@ find html -name 'Makefile*' | xargs rm
%exclude %{_datadir}/html/man/tiffgt.1.html %exclude %{_datadir}/html/man/tiffgt.1.html
%changelog %changelog
* Tue Mar 22 2022 yangcheng <yangcheng87@h-partners.com> - 4.1.0-7
- Type:cve
- ID:CVE-2022-0908
- SUG:NA
- DESC:fix CVE-2022-0908 and modify CVE-2022-0891 patch
* Thu Mar 17 2022 wangkerong <wangkerong@h-partners.com> - 4.1.0-6 * Thu Mar 17 2022 wangkerong <wangkerong@h-partners.com> - 4.1.0-6
- Type:cve - Type:cve
- ID:CVE-2022-0891 - ID:CVE-2022-0891
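Review bot: The DESC line of the new 4.1.0-7 entry says the CVE-2022-0891 patch was modified, but the commit title only mentions CVE-2022-0908 and nothing here says what changed in that patch or why. Please describe the CVE-2022-0891 change in the changelog or the commit message, or split it into its own commit, so the modification to an already shipped security patch can be reviewed and traced separately.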