9b48e2850a
* CVE-2022-3970 [bsc#1205392]
+ tiff-CVE-2022-3970.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=162
25 lines
1.2 KiB
Diff
25 lines
1.2 KiB
Diff
Index: tiff-4.4.0/libtiff/tif_getimage.c
|
|
===================================================================
|
|
--- tiff-4.4.0.orig/libtiff/tif_getimage.c
|
|
+++ tiff-4.4.0/libtiff/tif_getimage.c
|
|
@@ -3058,15 +3058,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t
|
|
return( ok );
|
|
|
|
for( i_row = 0; i_row < read_ysize; i_row++ ) {
|
|
- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize,
|
|
- raster + (read_ysize - i_row - 1) * read_xsize,
|
|
+ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
|
|
+ raster + (size_t)(read_ysize - i_row - 1) * read_xsize,
|
|
read_xsize * sizeof(uint32_t) );
|
|
- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize,
|
|
+ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize,
|
|
0, sizeof(uint32_t) * (tile_xsize - read_xsize) );
|
|
}
|
|
|
|
for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) {
|
|
- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize,
|
|
+ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
|
|
0, sizeof(uint32_t) * tile_xsize );
|
|
}
|
|
|