|
| 1 | +From 8f5b805d55a2b08898342b04db90653964b6177e Mon Sep 17 00:00:00 2001 |
| 2 | +From: Lee Howard < [email protected]> |
| 3 | +Date: Sun, 11 Aug 2024 16:01:07 +0000 |
| 4 | +Subject: [PATCH] Attempt to address tiffcrop Coverity scan issues 1605444, |
| 5 | + 1605445, and 1605449. |
| 6 | + |
| 7 | +Signed-off-by: Azure Linux Security Servicing Account < [email protected]> |
| 8 | +Upstream Patch Reference: https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3.patch: |
| 9 | +--- |
| 10 | + archive/tools/tiffcrop.c | 17 ++++++++++++----- |
| 11 | + 1 file changed, 12 insertions(+), 5 deletions(-) |
| 12 | + |
| 13 | +diff --git a/archive/tools/tiffcrop.c b/archive/tools/tiffcrop.c |
| 14 | +index d3365de..93f0779 100644 |
| 15 | +--- a/archive/tools/tiffcrop.c |
| 16 | ++++ b/archive/tools/tiffcrop.c |
| 17 | +@@ -5573,7 +5573,14 @@ static int readSeparateStripsIntoBuffer(TIFF *in, uint8_t *obuf, |
| 18 | + buff = srcbuffs[s]; |
| 19 | + strip = (s * strips_per_sample) + j; |
| 20 | + bytes_read = TIFFReadEncodedStrip(in, strip, buff, stripsize); |
| 21 | +- rows_this_strip = (uint32_t)(bytes_read / src_rowsize); |
| 22 | ++ if (bytes_read < 0) |
| 23 | ++ { |
| 24 | ++ rows_this_strip = 0; |
| 25 | ++ } |
| 26 | ++ else |
| 27 | ++ { |
| 28 | ++ rows_this_strip = (uint32_t)(bytes_read / src_rowsize); |
| 29 | ++ } |
| 30 | + if (bytes_read < 0 && !ignore) |
| 31 | + { |
| 32 | + TIFFError(TIFFFileName(in), |
| 33 | +@@ -6002,7 +6009,7 @@ static int computeInputPixelOffsets(struct crop_mask *crop, |
| 34 | + rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres); |
| 35 | + } |
| 36 | + |
| 37 | +- if ((lmargin + rmargin) > image->width) |
| 38 | ++ if (lmargin == 0xFFFFFFFFU || rmargin == 0xFFFFFFFFU || (lmargin + rmargin) > image->width) |
| 39 | + { |
| 40 | + TIFFError("computeInputPixelOffsets", |
| 41 | + "Combined left and right margins exceed image width"); |
| 42 | +@@ -6010,7 +6017,7 @@ static int computeInputPixelOffsets(struct crop_mask *crop, |
| 43 | + rmargin = (uint32_t)0; |
| 44 | + return (-1); |
| 45 | + } |
| 46 | +- if ((tmargin + bmargin) > image->length) |
| 47 | ++ if (tmargin == 0xFFFFFFFFU || bmargin == 0xFFFFFFFFU || (tmargin + bmargin) > image->length) |
| 48 | + { |
| 49 | + TIFFError("computeInputPixelOffsets", |
| 50 | + "Combined top and bottom margins exceed image length"); |
| 51 | +@@ -6592,14 +6599,14 @@ static int computeOutputPixelOffsets(struct crop_mask *crop, |
| 52 | + ((image->bps + 7) / 8)); |
| 53 | + } |
| 54 | + |
| 55 | +- if ((hmargin * 2.0) > (pwidth * page->hres)) |
| 56 | ++ if (hmargin == 0xFFFFFFFFU || (hmargin * 2.0) > (pwidth * page->hres)) |
| 57 | + { |
| 58 | + TIFFError("computeOutputPixelOffsets", |
| 59 | + "Combined left and right margins exceed page width"); |
| 60 | + hmargin = (uint32_t)0; |
| 61 | + return (-1); |
| 62 | + } |
| 63 | +- if ((vmargin * 2.0) > (plength * page->vres)) |
| 64 | ++ if (vmargin == 0xFFFFFFFFU || (vmargin * 2.0) > (plength * page->vres)) |
| 65 | + { |
| 66 | + TIFFError("computeOutputPixelOffsets", |
| 67 | + "Combined top and bottom margins exceed page length"); |
| 68 | +-- |
| 69 | +2.45.4 |
| 70 | + |
0 commit comments