libtiff/backport-CVE-2022-0908.patch

From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 17 Feb 2022 15:28:43 +0100
Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null
 source pointer and size of zero (fixes #383)

---
 libtiff/tif_dirread.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index d654a1c..a31109a 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5080,7 +5080,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
 								_TIFFfree(data);
 							return(0);
 						}
-						_TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
+						if (dp->tdir_count > 0 )
+						{
+							_TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
+						}
 						o[(uint32_t)dp->tdir_count]=0;
 						if (data!=0)
 							_TIFFfree(data);
-- 
2.27.0
fix CVE-2022-0908 2022-03-22 15:29:19 +08:00			`From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001`
			`From: Even Rouault <even.rouault@spatialys.com>`
			`Date: Thu, 17 Feb 2022 15:28:43 +0100`
			`Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null`
			`source pointer and size of zero (fixes #383)`

			`---`
			`libtiff/tif_dirread.c \| 5 ++++-`
			`1 file changed, 4 insertions(+), 1 deletion(-)`

			`diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c`
1 2022-06-23 15:15:15 +08:00			`index d654a1c..a31109a 100644`
fix CVE-2022-0908 2022-03-22 15:29:19 +08:00			`--- a/libtiff/tif_dirread.c`
			`+++ b/libtiff/tif_dirread.c`
1 2022-06-23 15:15:15 +08:00			`@@ -5080,7 +5080,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)`
fix CVE-2022-0908 2022-03-22 15:29:19 +08:00			`_TIFFfree(data);`
			`return(0);`
			`}`
1 2022-06-23 15:15:15 +08:00			`- _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);`
fix CVE-2022-0908 2022-03-22 15:29:19 +08:00			`+ if (dp->tdir_count > 0 )`
			`+ {`
1 2022-06-23 15:15:15 +08:00			`+ _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);`
fix CVE-2022-0908 2022-03-22 15:29:19 +08:00			`+ }`
1 2022-06-23 15:15:15 +08:00			`o[(uint32_t)dp->tdir_count]=0;`
fix CVE-2022-0908 2022-03-22 15:29:19 +08:00			`if (data!=0)`
			`_TIFFfree(data);`
			`--`
			`2.27.0`