File _service:tar_scm:backport-CVE-2023-0800-0801-08... of Package libtiff

File _service:tar_scm:backport-CVE-2023-0800-0801-0802-0803-0804.patch of Package libtiff

From 69818e2f2d246e6631ac2a2da692c3706b849c38 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Sun, 29 Jan 2023 11:09:26 +0100
Subject: [PATCH] tiffcrop: Amend rotateImage() not to toggle the input (main)
 image width and length parameters when only cropped image sections are
 rotated. Remove buffptr from region structure because never used.

Closes #492 #493 #494 #495 #499 #518 #519
---
 tools/tiffcrop.c | 59 ++++++++++++++++++++++++++++--------------------
 1 file changed, 35 insertions(+), 24 deletions(-)

diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index ebea7475..519871ec 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -296,7 +296,6 @@ struct region
     uint32_t width;    /* width in pixels */
     uint32_t length;   /* length in pixels */
     uint32_t buffsize; /* size of buffer needed to hold the cropped region */
-    unsigned char *buffptr; /* address of start of the region */
 };
 
 /* Cropping parameters from command line and image data
@@ -577,7 +576,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
 static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
                                      uint32_t, uint32_t, uint8_t *, uint8_t *);
 static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
-                       unsigned char **, size_t *);
+                       unsigned char **, size_t *, int);
 static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
                        unsigned char *);
 static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
@@ -5782,7 +5781,6 @@ static void initCropMasks(struct crop_mask *cps)
         cps->regionlist[i].width = 0;
         cps->regionlist[i].length = 0;
         cps->regionlist[i].buffsize = 0;
-        cps->regionlist[i].buffptr = NULL;
         cps->zonelist[i].position = 0;
         cps->zonelist[i].total = 0;
     }
@@ -7266,9 +7264,13 @@ static int correct_orientation(struct image_data *image,
                       (uint16_t)(image->adjustments & ROTATE_ANY));
             return (-1);
         }
-
-        if (rotateImage(rotation, image, &image->width, &image->length,
-                        work_buff_ptr, NULL))
+        /* Dummy variable in order not to switch two times the
+         * image->width,->length within rotateImage(),
+         * but switch xres, yres there. */
+        uint32_t width = image->width;
+        uint32_t length = image->length;
+        if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL,
+                        TRUE))
         {
             TIFFError("correct_orientation", "Unable to rotate image");
             return (-1);
@@ -7377,7 +7379,6 @@ static int extractCompositeRegions(struct image_data *image,
         /* These should not be needed for composite images */
         crop->regionlist[i].width = crop_width;
         crop->regionlist[i].length = crop_length;
-        crop->regionlist[i].buffptr = crop_buff;
 
         src_rowsize = ((img_width * bps * spp) + 7) / 8;
         dst_rowsize = (((crop_width * bps * count) + 7) / 8);
@@ -7640,7 +7641,6 @@ static int extractSeparateRegion(struct image_data *image,
 
     crop->regionlist[region].width = crop_width;
     crop->regionlist[region].length = crop_length;
-    crop->regionlist[region].buffptr = crop_buff;
 
     src = read_buff;
     dst = crop_buff;
@@ -8635,7 +8635,8 @@ static int processCropSelections(struct image_data *image,
              * accordingly. */
             size_t rot_buf_size = 0;
             if (rotateImage(crop->rotation, image, &crop->combined_width,
-                            &crop->combined_length, &crop_buff, &rot_buf_size))
+                            &crop->combined_length, &crop_buff, &rot_buf_size,
+                            FALSE))
             {
                 TIFFError("processCropSelections",
                           "Failed to rotate composite regions by %" PRIu32
@@ -8759,9 +8760,10 @@ static int processCropSelections(struct image_data *image,
                  * its size individually. Therefore, seg_buffs size  needs to be
                  * updated accordingly. */
                 size_t rot_buf_size = 0;
-                if (rotateImage(
-                        crop->rotation, image, &crop->regionlist[i].width,
-                        &crop->regionlist[i].length, &crop_buff, &rot_buf_size))
+                if (rotateImage(crop->rotation, image,
+                                &crop->regionlist[i].width,
+                                &crop->regionlist[i].length, &crop_buff,
+                                &rot_buf_size, FALSE))
                 {
                     TIFFError("processCropSelections",
                               "Failed to rotate crop region by %" PRIu16
@@ -8905,7 +8907,7 @@ static int createCroppedImage(struct image_data *image, struct crop_mask *crop,
         CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
     {
         if (rotateImage(crop->rotation, image, &crop->combined_width,
-                        &crop->combined_length, crop_buff_ptr, NULL))
+                        &crop->combined_length, crop_buff_ptr, NULL, TRUE))
         {
             TIFFError("createCroppedImage",
                       "Failed to rotate image or cropped selection by %" PRIu16
@@ -9621,7 +9623,8 @@ static int rotateContigSamples32bits(uint16_t rotation, uint16_t spp,
 /* Rotate an image by a multiple of 90 degrees clockwise */
 static int rotateImage(uint16_t rotation, struct image_data *image,
                        uint32_t *img_width, uint32_t *img_length,
-                       unsigned char **ibuff_ptr, size_t *rot_buf_size)
+                       unsigned char **ibuff_ptr, size_t *rot_buf_size,
+                       int rot_image_params)
 {
     int shift_width;
     uint32_t bytes_per_pixel, bytes_per_sample;
@@ -9869,11 +9872,15 @@ static int rotateImage(uint16_t rotation, struct image_data *image,
 
             *img_width = length;
             *img_length = width;
-            image->width = length;
-            image->length = width;
-            res_temp = image->xres;
-            image->xres = image->yres;
-            image->yres = res_temp;
+            /* Only toggle image parameters if whole input image is rotated. */
+            if (rot_image_params)
+            {
+                image->width = length;
+                image->length = width;
+                res_temp = image->xres;
+                image->xres = image->yres;
+                image->yres = res_temp;
+            }
             break;
 
         case 270:
@@ -9956,11 +9963,15 @@ static int rotateImage(uint16_t rotation, struct image_data *image,
 
             *img_width = length;
             *img_length = width;
-            image->width = length;
-            image->length = width;
-            res_temp = image->xres;
-            image->xres = image->yres;
-            image->yres = res_temp;
+            /* Only toggle image parameters if whole input image is rotated. */
+            if (rot_image_params)
+            {
+                image->width = length;
+                image->length = width;
+                res_temp = image->xres;
+                image->xres = image->yres;
+                image->yres = res_temp;
+            }
             break;
         default:
             break;
-- 
GitLab