modified backport-CVE-2022-48281.patch

(cherry picked from commit 6c19528306c911b9ed86a4d050d2d7e8ce1dc76f)
2023-02-20 08:32:20 +00:00 · 2023-02-20 08:32:20 +00:00 · 087adc6d80
commit 087adc6d80
parent 90151af92d
2 changed files with 22 additions and 12 deletions
--- a/backport-CVE-2022-48281.patch
+++ b/backport-CVE-2022-48281.patch
@ -3,22 +3,29 @@ From: Su Laus <sulau@freenet.de>
 Date: Sat, 21 Jan 2023 15:58:10 +0000
 Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.

+Reference:https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5
+Conflict:NA
 ---
- tools/tiffcrop.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ tools/tiffcrop.c     |  2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+ create mode 100644 tools/tiffcrop.c.rej

 diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 92f8d09..20b9c23 100644
+index 2c251aa..d3f7881 100644
 --- a/tools/tiffcrop.c
 +++ b/tools/tiffcrop.c
-@@ -7638,7 +7638,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
-       crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
-     else
-       {
-      prev_cropsize = seg_buffs[0].size;
-+      prev_cropsize = seg_buffs[i].size;
-       if (prev_cropsize < cropsize)
+@@ -7584,11 +7584,11 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+       crop_buff = seg_buffs[i].buffer; 
+       if (!crop_buff)
+         crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+       else
         {
-         next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+-        prev_cropsize = seg_buffs[0].size;
+        prev_cropsize = seg_buffs[i].size;
+         if (prev_cropsize < cropsize)
+           {
+           next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+           if (! next_buff)
+             {
 -- 
 2.33.0
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        23
+Release:        24
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@ -158,6 +158,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html

 %changelog
+* Mon Feb 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-24
+- modified backport-CVE-2022-48281.patch
+
 * Thu Feb 16 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-23
 - fix CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799,
 - fix CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804