File _service:extract_file:backport-CVE-2022-0561.patch of Package libtiff

File _service:extract_file:backport-CVE-2022-0561.patch of Package libtiff (Revision 69b98a2ff164bdd1d338adb04cd3e7a8)

Currently displaying revision 69b98a2ff164bdd1d338adb04cd3e7a8 , Show latest

From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 6 Feb 2022 13:08:38 +0100
Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
 source pointer and size of zero (fixes #362)

---
 libtiff/tif_dirread.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 23194ced..50ebf8ac 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
 			_TIFFfree(data);
 			return(0);
 		}
-                _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
-                _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+		if( dir->tdir_count )
+			_TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+		_TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
 		_TIFFfree(data);
 		data=resizeddata;
 	}
-- 
GitLab