!31445 fix CVE-2022-0561_and_CVE-2022-0562

Merge pull request !31445 from shenwei41/libtiff
This commit is contained in:
i-robot 2022-03-21 07:31:03 +00:00 committed by Gitee
commit b724ceaa8e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 27 additions and 1 deletions

View File

@ -29,6 +29,7 @@ mindspore_add_pkg(tiff
URL ${REQ_URL} URL ${REQ_URL}
MD5 ${MD5} MD5 ${MD5}
CMAKE_OPTION -DCMAKE_BUILD_TYPE=Release -Djbig=OFF -Dlzma=OFF -Djpeg12=OFF -Dzstd=OFF -Dpixarlog=OFF CMAKE_OPTION -DCMAKE_BUILD_TYPE=Release -Djbig=OFF -Dlzma=OFF -Djpeg12=OFF -Dzstd=OFF -Dpixarlog=OFF
-Dold-jpeg=OFF -Dwebp=OFF -DBUILD_SHARED_LIBS=OFF -Dlibdeflate=OFF) -Dold-jpeg=OFF -Dwebp=OFF -DBUILD_SHARED_LIBS=OFF -Dlibdeflate=OFF
PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001)
message("tiff include = ${tiff_INC}") message("tiff include = ${tiff_INC}")
message("tiff lib = ${tiff_LIB}") message("tiff lib = ${tiff_LIB}")

View File

@ -0,0 +1,25 @@
diff -Npur libtiff-v4.2.0/libtiff/tif_dirread.c libtiff-v4.2.0-change/libtiff/tif_dirread.c
--- libtiff-v4.2.0/libtiff/tif_dirread.c 2020-12-20 02:44:58.000000000 +0800
+++ libtiff-v4.2.0-change/libtiff/tif_dirread.c 2022-03-17 18:04:49.959583584 +0800
@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
goto bad;
}
- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+ if (old_extrasamples > 0)
+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
_TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
_TIFFfree(new_sampleinfo);
}
@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
- _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
+ if( dir->tdir_count )
+ _TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64));
+ _TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64));
_TIFFfree(data);
data=resizeddata;
}