From ceda67e40c74a8149d3955c7085bfc3764f3a75d Mon Sep 17 00:00:00 2001
From: zhangpan
Date: Thu, 13 Jul 2023 02:15:55 +0000
Subject: [PATCH] fix CVE-2023-3576

(cherry picked from commit f13f5944a1fde37a7b86552f0f1dac4e5b251c9d)
---
 backport-CVE-2023-3576.patch | 34 ++++++++++++++++++++++++++++++++++
 libtiff.spec | 6 +++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-3576.patch

diff --git a/backport-CVE-2023-3576.patch b/backport-CVE-2023-3576.patch
new file mode 100644
index 0000000..1dbb3fd
--- /dev/null
+++ b/backport-CVE-2023-3576.patch
@@ -0,0 +1,34 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+
+Reference:https://gitlab.com/libtiff/libtiff/-/merge_requests/475/diffs
+Conflict:Adaptation Context
+
+---
+ tools/tiffcrop.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index e2f8b83..39156b5 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7917,8 +7917,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+
+ read_buff = *read_buff_ptr;
+
++ /* Memory is freed before crop_buff_ptr is overwritten */
++ if (*crop_buff_ptr != NULL)
++ {
++ _TIFFfree(*crop_buff_ptr);
++ }
++
+ /* process full image, no crop buffer needed */
+- crop_buff = read_buff;
+ *crop_buff_ptr = read_buff;
+ crop->combined_width = image->width;
+ crop->combined_length = image->length;
+--
+2.27.0
+
diff --git a/libtiff.spec b/libtiff.spec
index 631347c..08a5f23 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name: libtiff
 Version: 4.3.0
-Release: 14
+Release: 15
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://www.simplesystems.org/libtiff/
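Review bot: The new `_TIFFfree(*crop_buff_ptr)` in the tools/tiffcrop.c hunk of backport-CVE-2023-3576.patch is guarded only against NULL, while the same block then stores `read_buff` into `*crop_buff_ptr`. If a later call can arrive with `*crop_buff_ptr` still equal to `*read_buff_ptr` (that depends on the caller, which is outside the hunk), the free releases the read buffer and the next line re-stores the dangling pointer, so the leak fix could become a use-after-free or double free. I would tighten the guard to `if (*crop_buff_ptr != NULL && *crop_buff_ptr != read_buff)`, or confirm against the caller that the alias is always cleared before the next call. createCroppedImage continues beyond the hunk, so the later use of the buffer is not visible here.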
@@ -41,6 +41,7 @@ Patch6031: backport-CVE-2023-3316.patch
 Patch6032: backport-CVE-2023-25433.patch
 Patch6033: backport-CVE-2023-26966.patch
 Patch6034: backport-CVE-2023-2908.patch
+Patch6035: backport-CVE-2023-3576.patch
 Patch9000: fix-raw2tiff-floating-point-exception.patch
@@ -143,6 +144,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 %changelog
+* Thu Jul 13 2023 zhangpan - 4.3.0-15
+- fix CVE-2023-3576
+
 * Tue Jul 04 2023 zhangpan - 4.3.0-14
 - fix CVE-2023-25433 CVE-2023-26966 CVE-2023-2908