mirror of
https://git.yoctoproject.org/poky
synced 2026-04-26 18:32:13 +02:00
b19575391d
Backport fixes for: * CVE-2023-2908 - Upstream-Status: Backport from9bd48f0dbd* CVE-2023-3316 - Upstream-Status: Backport fromd63de61b1e* CVE-2023-3618 - Upstream-Status: Backport from881a070194&&b5c7d4c4e0(From OE-Core rev: d37cf315135c6778774a1bee458e61480f808aa5) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
34 lines
1005 B
Diff
34 lines
1005 B
Diff
From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
|
|
From: xiaoxiaoafeifei <lliangliang2007@163.com>
|
|
Date: Fri, 21 Apr 2023 13:01:34 +0000
|
|
Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
|
|
applying zero offset to null pointer
|
|
|
|
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
|
|
CVE: CVE-2023-2908
|
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
---
|
|
libtiff/tif_dir.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
|
|
index 349dfe4..1402c8e 100644
|
|
--- a/libtiff/tif_dir.c
|
|
+++ b/libtiff/tif_dir.c
|
|
@@ -145,10 +145,10 @@ static uint16_t
|
|
countInkNamesString(TIFF *tif, uint32_t slen, const char *s)
|
|
{
|
|
uint16_t i = 0;
|
|
- const char *ep = s + slen;
|
|
- const char *cp = s;
|
|
|
|
if (slen > 0) {
|
|
+ const char *ep = s + slen;
|
|
+ const char *cp = s;
|
|
do {
|
|
for (; cp < ep && *cp != '\0'; cp++) {}
|
|
if (cp >= ep)
|
|
--
|
|
2.25.1
|
|
|