Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
tiff
tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch of Package tiff
Upstream commit: 33aee1275d9d1384791d2206776eb8152d397f00 Index: tiff-4.0.9/tools/tiffcrop.c =================================================================== --- tiff-4.0.9.orig/tools/tiffcrop.c +++ tiff-4.0.9/tools/tiffcrop.c @@ -5181,18 +5181,42 @@ computeInputPixelOffsets(struct crop_mas crop->regionlist[i].buffsize = buffsize; crop->bufftotal += buffsize; + + /* For composite images with more than one region, the + * combined_length or combined_width always needs to be equal, + * respectively. + * Otherwise, even the first section/region copy + * action might cause buffer overrun. */ if (crop->img_mode == COMPOSITE_IMAGES) { switch (crop->edge_ref) { case EDGE_LEFT: case EDGE_RIGHT: + if (i > 0 && zlength != crop->combined_length) + { + TIFFError( + "computeInputPixelOffsets", + "Only equal length regions can be combined for " + "-E left or right"); + return (-1); + } + crop->combined_length = zlength; crop->combined_width += zwidth; break; case EDGE_BOTTOM: case EDGE_TOP: /* width from left, length from top */ default: + if (i > 0 && zwidth != crop->combined_width) + { + TIFFError("computeInputPixelOffsets", + "Only equal width regions can be " + "combined for -E " + "top or bottom"); + return (-1); + } + crop->combined_width = zwidth; crop->combined_length += zlength; break; @@ -6321,6 +6345,46 @@ extractCompositeRegions(struct image_dat crop->combined_width = 0; crop->combined_length = 0; + /* If there is more than one region, check beforehand whether all the width + * and length values of the regions are the same, respectively. */ + switch (crop->edge_ref) + { + default: + case EDGE_TOP: + case EDGE_BOTTOM: + for (i = 1; i < crop->selections; i++) + { + uint32_t crop_width0 = + crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1; + uint32_t crop_width1 = + crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; + if (crop_width0 != crop_width1) + { + TIFFError("extractCompositeRegions", + "Only equal width regions can be combined for -E " + "top or bottom"); + return (1); + } + } + break; + case EDGE_LEFT: + case EDGE_RIGHT: + for (i = 1; i < crop->selections; i++) + { + uint32_t crop_length0 = + crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1; + uint32_t crop_length1 = + crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; + if (crop_length0 != crop_length1) + { + TIFFError("extractCompositeRegions", + "Only equal length regions can be combined for " + "-E left or right"); + return (1); + } + } + } + for (i = 0; i < crop->selections; i++) { /* rows, columns, width, length are expressed in pixels */ @@ -6345,7 +6409,7 @@ extractCompositeRegions(struct image_dat default: case EDGE_TOP: case EDGE_BOTTOM: - if ((i > 0) && (crop_width != crop->regionlist[i - 1].width)) + if ((crop->selections > i + 1) && (crop_width != crop->regionlist[i + 1].width)) { TIFFError ("extractCompositeRegions", "Only equal width regions can be combined for -E top or bottom"); @@ -6426,7 +6490,7 @@ extractCompositeRegions(struct image_dat break; case EDGE_LEFT: /* splice the pieces of each row together, side by side */ case EDGE_RIGHT: - if ((i > 0) && (crop_length != crop->regionlist[i - 1].length)) + if ((crop->selections > i + 1) && (crop_length != crop->regionlist[i + 1].length)) { TIFFError ("extractCompositeRegions", "Only equal length regions can be combined for -E left or right");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
