1From 7b91458541769f3d7eddc55a39d01730af2489fc Mon Sep 17 00:00:00 2001 2From: Even Rouault <even.rouault@spatialys.com> 3Date: Sat, 5 Feb 2022 20:36:41 +0100 4Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null 5 source pointer and size of zero (fixes #362) 6 7Upstream-Status: Backport 8CVE: CVE-2022-0562 9 10--- 11 libtiff/tif_dirread.c | 3 ++- 12 1 file changed, 2 insertions(+), 1 deletion(-) 13 14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c 15index d84147a..ae52ad4 100644 16--- a/libtiff/tif_dirread.c 17+++ b/libtiff/tif_dirread.c 18@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif) 19 goto bad; 20 } 21 22- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); 23+ if (old_extrasamples > 0) 24+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); 25 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); 26 _TIFFfree(new_sampleinfo); 27 } 28