File tiff-CVE-2023-52356.patch of Package tiff

Overview Repositories Revisions Requests Users Attributes Meta

File tiff-CVE-2023-52356.patch of Package tiff

Index: tiff-4.6.0/libtiff/tif_getimage.c
===================================================================
--- tiff-4.6.0.orig/libtiff/tif_getimage.c
+++ tiff-4.6.0/libtiff/tif_getimage.c
@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint
     if (TIFFRGBAImageOK(tif, emsg) &&
         TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
     {
+		if (row >= img.height)
+        {
+            TIFFErrorExtR(tif, TIFFFileName(tif),
+                          "Invalid row passed to TIFFReadRGBAStrip().");
+            TIFFRGBAImageEnd(&img);
+            return (0);
+        }
 
         img.row_offset = row;
         img.col_offset = 0;
@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint3
         return (0);
     }
 
+	if (col >= img.width || row >= img.height)
+    {
+        TIFFErrorExtR(tif, TIFFFileName(tif),
+                      "Invalid row/col passed to TIFFReadRGBATile().");
+        TIFFRGBAImageEnd(&img);
+        return (0);
+    }
+
     /*
      * The TIFFRGBAImageGet() function doesn't allow us to get off the
      * edge of the image, even to fill an otherwise valid tile.  So we

Places

File tiff-CVE-2023-52356.patch of Package tiff

Places