Nigel
/
mindspore
forked from mindspore-Ecosystem/mindspore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

!31655 fix CVE-2022-0908 

Merge pull request !31655 from shenwei41/libtiff
This commit is contained in:
i-robot 2022-03-22 01:35:49 +00:00 committed by Gitee
parent c02e1559a6 09778b7707
commit a9a0b7883c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmake/external_libs/libtiff.cmake
View File

@ -30,6 +30,7 @@ mindspore_add_pkg(tiff
MD5 ${MD5}
CMAKE_OPTION -DCMAKE_BUILD_TYPE=Release -Djbig=OFF -Dlzma=OFF -Djpeg12=OFF -Dzstd=OFF -Dpixarlog=OFF
-Dold-jpeg=OFF -Dwebp=OFF -DBUILD_SHARED_LIBS=OFF -Dlibdeflate=OFF
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001)
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0908.patch002)
message("tiff include = ${tiff_INC}")
message("tiff lib = ${tiff_LIB}")

15
third_party/patch/libtiff/CVE-2022-0908.patch002 vendored Normal file
View File

@ -0,0 +1,15 @@
diff -Npur libtiff-v4.2.0/libtiff/tif_dirread.c libtiff-v4.2.0-change/libtiff/tif_dirread.c
--- libtiff-v4.2.0/libtiff/tif_dirread.c 2020-12-20 02:44:58.000000000 +0800
+++ libtiff-v4.2.0-change/libtiff/tif_dirread.c 2022-03-21 19:27:48.016570736 +0800
@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEnt
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ if (dp->tdir_count > 0 )
+ {
+ _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ }
o[(uint32)dp->tdir_count]=0;
if (data!=0)
_TIFFfree(data);