1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Fri, 5 May 2023 19:43:46 +0200
Subject: [PATCH] Consider error return of writeSelections(). Fixes #553
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8]
CVE: CVE-2023-3618
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
tools/tiffcrop.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 0d02f56..8cbeb68 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -2459,9 +2459,15 @@ main(int argc, char* argv[])
{ /* Whole image or sections not based on output page size */
if (crop.selections > 0)
{
- writeSelections(in, &out, &crop, &image, &dump, seg_buffs,
- mp, argv[argc - 1], &next_page, total_pages);
- }
+ if (writeSelections(in, &out, &crop, &image, &dump,
+ seg_buffs, mp, argv[argc - 1],
+ &next_page, total_pages))
+ {
+ TIFFError("main",
+ "Unable to write new image selections");
+ exit(EXIT_FAILURE);
+ }
+ }
else /* One file all images and sections */
{
if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1],
@@ -7842,7 +7848,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
/* Memory is freed before crop_buff_ptr is overwritten */
if (*crop_buff_ptr != NULL)
{
- _TIFFfree(*crop_buff_ptr);
+ _TIFFfree(*crop_buff_ptr);
}
/* process full image, no crop buffer needed */
--
2.25.1
|