git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob

   1 CVE: CVE-2022-0865
   2 Upstream-Status: Backport
   3 Signed-off-by: Ross Burton <ross.burton@arm.com>
   4
   5 From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001
   6 From: Even Rouault <even.rouault@spatialys.com>
   7 Date: Thu, 24 Feb 2022 22:26:02 +0100
   8 Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple
   9  IFD in memory-mapped mode and when bit reversal is needed (fixes #385)
  10
  11 ---
  12  libtiff/tif_jbig.c | 10 ++++++++++
  13  1 file changed, 10 insertions(+)
  14
  15 diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
  16 index 74086338..8bfa4cef 100644
  17 --- a/libtiff/tif_jbig.c
  18 +++ b/libtiff/tif_jbig.c
  19 @@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
  20          */
  21         tif->tif_flags |= TIFF_NOBITREV;
  22         tif->tif_flags &= ~TIFF_MAPPED;
  23 +       /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and
  24 +        * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial
  25 +        * value to be consistent with the state of a non-memory mapped file.
  26 +        */
  27 +       if (tif->tif_flags&TIFF_BUFFERMMAP) {
  28 +               tif->tif_rawdata = NULL;
  29 +               tif->tif_rawdatasize = 0;
  30 +               tif->tif_flags &= ~TIFF_BUFFERMMAP;
  31 +               tif->tif_flags |= TIFF_MYBUFFER;
  32 +       }
  33
  34         /* Setup the function pointers for encode, decode, and cleanup. */
  35         tif->tif_setupdecode = JBIGSetupDecode;
  36 --
  37 2.25.1
  38