summaryrefslogtreecommitdiff
path: root/CVE-2022-0561_and_CVE-2022-0562.patch
diff options
context:
space:
mode:
Diffstat (limited to 'CVE-2022-0561_and_CVE-2022-0562.patch')
-rw-r--r--CVE-2022-0561_and_CVE-2022-0562.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/CVE-2022-0561_and_CVE-2022-0562.patch b/CVE-2022-0561_and_CVE-2022-0562.patch
new file mode 100644
index 0000000..948b057
--- /dev/null
+++ b/CVE-2022-0561_and_CVE-2022-0562.patch
@@ -0,0 +1,25 @@
+diff -Npur opencv-4.5.2/3rdparty/libtiff/tif_dirread.c opencv-4.5.2-new/3rdparty/libtiff/tif_dirread.c
+--- opencv-4.5.2/3rdparty/libtiff/tif_dirread.c 2021-04-02 19:23:54.000000000 +0800
++++ opencv-4.5.2-new/3rdparty/libtiff/tif_dirread.c 2022-05-21 14:44:25.639756094 +0800
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
+- _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64));
++ _TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-09 18:06:35 +0000