diff options
Diffstat (limited to 'main/tiff/CVE-2022-22844.patch')
-rw-r--r-- | main/tiff/CVE-2022-22844.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/main/tiff/CVE-2022-22844.patch b/main/tiff/CVE-2022-22844.patch deleted file mode 100644 index b1f89b444ce..00000000000 --- a/main/tiff/CVE-2022-22844.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 03047a26952a82daaa0792957ce211e0aa51bc64 Mon Sep 17 00:00:00 2001 -From: 4ugustus <wangdw.augustus@qq.com> -Date: Tue, 25 Jan 2022 16:25:28 +0000 -Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where - count is required (fixes #355) - ---- - tools/tiffset.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/tools/tiffset.c b/tools/tiffset.c -index 8c9e23c5..e7a88c09 100644 ---- a/tools/tiffset.c -+++ b/tools/tiffset.c -@@ -146,9 +146,19 @@ main(int argc, char* argv[]) - - arg_index++; - if (TIFFFieldDataType(fip) == TIFF_ASCII) { -- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) -- fprintf( stderr, "Failed to set %s=%s\n", -- TIFFFieldName(fip), argv[arg_index] ); -+ if(TIFFFieldPassCount( fip )) { -+ size_t len; -+ len = strlen(argv[arg_index]) + 1; -+ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), -+ (uint16_t)len, argv[arg_index]) != 1) -+ fprintf( stderr, "Failed to set %s=%s\n", -+ TIFFFieldName(fip), argv[arg_index] ); -+ } else { -+ if (TIFFSetField(tiff, TIFFFieldTag(fip), -+ argv[arg_index]) != 1) -+ fprintf( stderr, "Failed to set %s=%s\n", -+ TIFFFieldName(fip), argv[arg_index] ); -+ } - } else if (TIFFFieldWriteCount(fip) > 0 - || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { - int ret = 1; --- -GitLab - |