!152 [sync] PR-148: fix CVE-2023-2731

From: @openeuler-sync-bot Reviewed-by: @leeffo Signed-off-by: @leeffo
2023-05-29 05:41:55 +00:00 · 2023-05-29 05:41:55 +00:00 · 0e8d85c6f5
commit 0e8d85c6f5
parent 3680c6bfb9 625960b341
2 changed files with 42 additions and 1 deletions
--- a/backport-CVE-2023-2731.patch
+++ b/backport-CVE-2023-2731.patch
@ -0,0 +1,37 @@
+From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 29 Apr 2023 12:20:46 +0200
+Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
+ strip whith a missing end-of-information marker (fixes #548)
+
+Reference:https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
+Conflict:Adaptation Context
+---
+ libtiff/tif_lzw.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 1f255d9..c0ef99c 100644
+--- a/libtiff/tif_lzw.c
+++ b/libtiff/tif_lzw.c
+@@ -404,6 +404,10 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
+ 	assert(sp->dec_codetab != NULL);
+ 
+ 	if (sp->read_error) {
+		TIFFErrorExt(tif->tif_clientdata, module,
+                      "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
+                      "previous error",
+                      tif->tif_row);
+ 		return 0;
+ 	}
+ 
+@@ -712,6 +716,7 @@ after_loop:
+ 	return (1);
+ 
+ no_eoi:
+    sp->read_error = 1;
+     TIFFErrorExt(tif->tif_clientdata, module,
+                     "LZWDecode: Strip %"PRIu32" not terminated with EOI code",
+                     tif->tif_curstrip);
+-- 
+2.33.0
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        24
+Release:        25
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@ -35,6 +35,7 @@ Patch6025:      backport-CVE-2022-48281.patch
 Patch6026:      backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6027:      backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
 Patch6028:      backport-CVE-2023-0800-0801-0802-0803-0804.patch
+Patch6029:      backport-CVE-2023-2731.patch

 Patch9000:	fix-raw2tiff-floating-point-exception.patch

@ -158,6 +159,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html

 %changelog
+* Wed May 24 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-25
+- fix CVE-2023-2731
+
 * Mon Feb 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-24
 - modified backport-CVE-2022-48281.patch