mirror of
https://git.yoctoproject.org/poky
synced 2026-07-16 03:47:03 +00:00
tiff: patch CVE-2025-8961
Pick commit mentioned in [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-8961 (From OE-Core rev: c171a41e58e2f151dada61ee2a53c15ceaaa85c0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
committed by
Steve Sakoman
parent
ac184e133b
commit
639a818fd0
@@ -0,0 +1,73 @@
|
||||
From 0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Fri, 5 Sep 2025 21:42:35 +0000
|
||||
Subject: [PATCH] tiffcrop: fix double-free and memory leak exposed by issue
|
||||
#721
|
||||
|
||||
CVE: CVE-2025-8961
|
||||
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5]
|
||||
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
||||
---
|
||||
tools/tiffcrop.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
||||
index ae414efc..be250cc9 100644
|
||||
--- a/tools/tiffcrop.c
|
||||
+++ b/tools/tiffcrop.c
|
||||
@@ -1072,6 +1072,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
|
||||
"Unable to extract row %" PRIu32
|
||||
" from tile %" PRIu32,
|
||||
row, TIFFCurrentTile(in));
|
||||
+ _TIFFfree(tilebuf);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
@@ -1086,6 +1087,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
|
||||
"Unable to extract row %" PRIu32
|
||||
" from tile %" PRIu32,
|
||||
row, TIFFCurrentTile(in));
|
||||
+ _TIFFfree(tilebuf);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
@@ -1098,6 +1100,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
|
||||
"Unable to extract row %" PRIu32
|
||||
" from tile %" PRIu32,
|
||||
row, TIFFCurrentTile(in));
|
||||
+ _TIFFfree(tilebuf);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
@@ -1110,6 +1113,7 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
|
||||
"Unable to extract row %" PRIu32
|
||||
" from tile %" PRIu32,
|
||||
row, TIFFCurrentTile(in));
|
||||
+ _TIFFfree(tilebuf);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
@@ -1124,12 +1128,14 @@ static int readContigTilesIntoBuffer(TIFF *in, uint8_t *buf,
|
||||
"Unable to extract row %" PRIu32
|
||||
" from tile %" PRIu32,
|
||||
row, TIFFCurrentTile(in));
|
||||
+ _TIFFfree(tilebuf);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
TIFFError("readContigTilesIntoBuffer",
|
||||
"Unsupported bit depth %" PRIu16, bps);
|
||||
+ _TIFFfree(tilebuf);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@@ -2901,7 +2907,7 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
/* If we did not use the read buffer as the crop buffer */
|
||||
- if (read_buff)
|
||||
+ if (read_buff && read_buff != crop_buff)
|
||||
_TIFFfree(read_buff);
|
||||
|
||||
if (crop_buff)
|
||||
@@ -18,6 +18,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
|
||||
file://CVE-2025-8177_2.patch \
|
||||
file://CVE-2025-8534.patch \
|
||||
file://CVE-2025-9165.patch \
|
||||
file://CVE-2025-8961.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "67160e3457365ab96c5b3286a0903aa6e78bdc44c4bc737d2e486bcecb6ba976"
|
||||
|
||||
Reference in New Issue
Block a user