Nigel
/
mindspore
forked from mindspore-Ecosystem/mindspore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix CVE-2022-0908

This commit is contained in:
shenwei41 2022-03-21 19:34:25 +08:00
parent a9d5e5cf20
commit 09778b7707
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmake/external_libs/libtiff.cmake
View File

@ -30,6 +30,7 @@ mindspore_add_pkg(tiff
MD5 ${MD5}
CMAKE_OPTION -DCMAKE_BUILD_TYPE=Release -Djbig=OFF -Dlzma=OFF -Djpeg12=OFF -Dzstd=OFF -Dpixarlog=OFF
-Dold-jpeg=OFF -Dwebp=OFF -DBUILD_SHARED_LIBS=OFF -Dlibdeflate=OFF
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001)
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0908.patch002)
message("tiff include = ${tiff_INC}")
message("tiff lib = ${tiff_LIB}")

15
third_party/patch/libtiff/CVE-2022-0908.patch002 vendored Normal file
View File

@ -0,0 +1,15 @@
diff -Npur libtiff-v4.2.0/libtiff/tif_dirread.c libtiff-v4.2.0-change/libtiff/tif_dirread.c
--- libtiff-v4.2.0/libtiff/tif_dirread.c 2020-12-20 02:44:58.000000000 +0800
+++ libtiff-v4.2.0-change/libtiff/tif_dirread.c 2022-03-21 19:27:48.016570736 +0800
@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEnt
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ if (dp->tdir_count > 0 )
+ {
+ _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ }
o[(uint32)dp->tdir_count]=0;
if (data!=0)
_TIFFfree(data);