Commit cfbb883b authored by Even Rouault

Merge branch 'tiffcrop_fix_#435' into 'master'

tiffcrop subroutines require a larger buffer (fixes #271, #381, #386, #388, #389, #435)

Closes #465, #464, #435, #389, #388, #386, #381 and #271

See merge request !382
parents e8131125 afd70860
Pipeline #666064440 passed
  • mentioned in issue gitlab-org/cves#479 (closed)
  • Ian Constantin @ianc4

    mentioned in issue #435 (closed)
  • CCPatcher @Crispy-fried-chicken

    According to the description of CVE-2022-3598, the affected LibTIFF version is 4.4.0. However, based on the vulnerability code snippet, the earliest version is v3.9.0 (https://github.com/libsdl-org/libtiff/blob/v3.9.0/tools/tiffcrop.c#L6158). Code snippet:

    if (!sect_buff)
        {
        sect_buff = (unsigned char *)_TIFFmalloc(sectsize);
        *sect_buff_ptr = sect_buff;
        _TIFFmemset(sect_buff, 0, sectsize);
        }
      else
        {
        if (prev_sectsize < sectsize)
          {
          new_buff = _TIFFrealloc(sect_buff, sectsize);
          if (!new_buff)
            {
                free (sect_buff);
            sect_buff = (unsigned char *)_TIFFmalloc(sectsize);
            }
          else
            sect_buff = new_buff;
    
          _TIFFmemset(sect_buff, 0, sectsize);
          }
        }

    Please confirm, thank you!