1From 895867b72bd6c46da79de1a07d0993cd104e92cd Mon Sep 17 00:00:00 2001 2From: Even Rouault <even.rouault@spatialys.com> 3Date: Sun, 6 Feb 2022 13:08:38 +0100 4Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null 5 source pointer and size of zero (fixes #362) 6 7Upstream-Status: Backport 8CVE: CVE-2022-0561 9 10--- 11 libtiff/tif_dirread.c | 5 +++-- 12 1 file changed, 3 insertions(+), 2 deletions(-) 13 14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c 15index ae52ad4..d654a1c 100644 16--- a/libtiff/tif_dirread.c 17+++ b/libtiff/tif_dirread.c 18@@ -5766,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l 19 _TIFFfree(data); 20 return(0); 21 } 22- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); 23- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); 24+ if( dir->tdir_count ) 25+ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); 26+ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); 27 _TIFFfree(data); 28 data=resizeddata; 29 } 30