blob: 83d5db7fc68cd84a844b61579f9c5d1ec88c543d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From fb89eab3ed46bbb0276bdee05b570455f6a27d2f Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Sun, 6 Feb 2022 19:52:17 +0100
Subject: [PATCH] Move the crop_width and crop_length computation after the
sanity check to avoid warnings when built with
-fsanitize=unsigned-integer-overflow.
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294]
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
CVE: CVE-2022-2868
---
tools/tiffcrop.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 0ef5bb2..99e4208 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -5389,15 +5389,13 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
off->endx = endx;
off->endy = endy;
- crop_width = endx - startx + 1;
- crop_length = endy - starty + 1;
-
if (endx + 1 <= startx)
{
TIFFError("computeInputPixelOffsets",
"Invalid left/right margins and /or image crop width requested");
return (-1);
}
+ crop_width = endx - startx + 1;
if (crop_width > image->width)
crop_width = image->width;
@@ -5407,6 +5405,7 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
"Invalid top/bottom margins and /or image crop length requested");
return (-1);
}
+ crop_length = endy - starty + 1;
if (crop_length > image->length)
crop_length = image->length;
|