poky/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch

CVE: CVE-2023-6277
Upstream-Status: Backport [upstream : https://gitlab.com/libtiff/libtiff/-/commit/de7bfd7d4377c266f81849579f696fa1ad5ba6c3 
ubuntu : http://archive.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_4.3.0-6ubuntu0.8.debian.tar.xz ]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>

Backport of:

From de7bfd7d4377c266f81849579f696fa1ad5ba6c3 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Tue, 31 Oct 2023 20:13:45 +0100
Subject: [PATCH] TIFFFetchDirectory(): remove useless allocsize vs filesize
 check

CoverityScan rightly points that the max value for dircount16 * dirsize
is 4096 * 20. That's small enough not to do any check
---
 libtiff/tif_dirread.c | 18 ------------------
 1 file changed, 18 deletions(-)

--- tiff-4.3.0.orig/libtiff/tif_dirread.c
+++ tiff-4.3.0/libtiff/tif_dirread.c
@@ -4949,24 +4949,6 @@ TIFFFetchDirectory(TIFF* tif, uint64_t d
 			dircount16 = (uint16_t)dircount64;
 			dirsize = 20;
 		}
-		const uint64_t allocsize = (uint64_t)dircount16 * dirsize;
-		if (allocsize > 100 * 1024 * 1024)
-		{
-			/* Before allocating a huge amount of memory for corrupted files,
-			 * check if size of requested memory is not greater than file size.
-			 */
-			const uint64_t filesize = TIFFGetFileSize(tif);
-			if (allocsize > filesize)
-			{
-				TIFFWarningExt(
-					tif->tif_clientdata, module,
-					"Requested memory size for TIFF directory of %" PRIu64
-					" is greater than filesize %" PRIu64
-					". Memory not allocated, TIFF directory not read",
-					allocsize, filesize);
-				return 0;
-			}
-		}
 		origdir = _TIFFCheckMalloc(tif, dircount16,
 		    dirsize, "to read TIFF directory");
 		if (origdir == NULL)