poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618.patch

From b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Fri, 5 May 2023 19:43:46 +0200
Subject: [PATCH] Consider error return of writeSelections(). Fixes #553

Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8]
CVE: CVE-2023-3618
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 tools/tiffcrop.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 0d02f56..8cbeb68 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -2459,9 +2459,15 @@ main(int argc, char* argv[])
         {  /* Whole image or sections not based on output page size */
         if (crop.selections > 0)
           {
-	  writeSelections(in, &out, &crop, &image, &dump, seg_buffs,
-                          mp, argv[argc - 1], &next_page, total_pages);
-          }
+             if (writeSelections(in, &out, &crop, &image, &dump,
+                                 seg_buffs, mp, argv[argc - 1],
+                                 &next_page, total_pages))
+              {
+                TIFFError("main",
+                          "Unable to write new image selections");
+                exit(EXIT_FAILURE);
+              }
+	  }
 	else  /* One file all images and sections */
           {
 	  if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1],
@@ -7842,7 +7848,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
   /* Memory is freed before crop_buff_ptr is overwritten */
     if (*crop_buff_ptr != NULL)
     {
-	_TIFFfree(*crop_buff_ptr);
+       _TIFFfree(*crop_buff_ptr);
     }
 
   /* process full image, no crop buffer needed */
-- 
2.25.1