[BACK]Return to patch-CVE-2022-0909 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / graphics / tiff / patches

File: [cvs.NetBSD.org] / pkgsrc / graphics / tiff / patches / Attic / patch-CVE-2022-0909 (download)

Revision 1.1, Fri Mar 25 09:32:49 2022 UTC (10 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1

tiff: apply fixes for CVE-2022-0561 CVE-2022-0907 CVE-2022-0891
CVE-2022-0907 CVE-2022-0909

bump PKGREVISION again...

$NetBSD: patch-CVE-2022-0909,v 1.1 2022/03/25 09:32:49 nia Exp $

[PATCH] fix FPE in tiffcrop
https://gitlab.com/libtiff/libtiff/-/merge_requests/310.patch

--- libtiff/tif_dir.c.orig	2021-03-05 13:01:43.000000000 +0000
+++ libtiff/tif_dir.c
@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, 
 		break;
 	case TIFFTAG_XRESOLUTION:
         dblval = va_arg(ap, double);
-        if( dblval < 0 )
+        if( dblval != dblval || dblval < 0 )
             goto badvaluedouble;
 		td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
 		break;
 	case TIFFTAG_YRESOLUTION:
         dblval = va_arg(ap, double);
-        if( dblval < 0 )
+        if( dblval != dblval || dblval < 0 )
             goto badvaluedouble;
 		td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
 		break;