1From fb89eab3ed46bbb0276bdee05b570455f6a27d2f Mon Sep 17 00:00:00 2001 2From: Su_Laus <sulau@freenet.de> 3Date: Sun, 6 Feb 2022 19:52:17 +0100 4Subject: [PATCH] Move the crop_width and crop_length computation after the 5 sanity check to avoid warnings when built with 6 -fsanitize=unsigned-integer-overflow. 7 8Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294] 9 10Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> 11 12CVE: CVE-2022-2868 13 14--- 15 tools/tiffcrop.c | 5 ++--- 16 1 file changed, 2 insertions(+), 3 deletions(-) 17 18diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c 19index 0ef5bb2..99e4208 100644 20--- a/tools/tiffcrop.c 21+++ b/tools/tiffcrop.c 22@@ -5389,15 +5389,13 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image, 23 off->endx = endx; 24 off->endy = endy; 25 26- crop_width = endx - startx + 1; 27- crop_length = endy - starty + 1; 28- 29 if (endx + 1 <= startx) 30 { 31 TIFFError("computeInputPixelOffsets", 32 "Invalid left/right margins and /or image crop width requested"); 33 return (-1); 34 } 35+ crop_width = endx - startx + 1; 36 if (crop_width > image->width) 37 crop_width = image->width; 38 39@@ -5407,6 +5405,7 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image, 40 "Invalid top/bottom margins and /or image crop length requested"); 41 return (-1); 42 } 43+ crop_length = endy - starty + 1; 44 if (crop_length > image->length) 45 crop_length = image->length; 46 47