1*4882a593SmuzhiyunFrom 05ef5e05a0b8d18ab075e09b1ea349acc0035e67 Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Su_Laus <sulau@freenet.de>
3*4882a593SmuzhiyunDate: Mon, 15 Aug 2022 22:11:03 +0200
4*4882a593SmuzhiyunSubject: [PATCH] tiffcrop: disable incompatibility of -S
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunCVE: CVE-2022-2953
7*4882a593SmuzhiyunUpstream-Status: Backport
8*4882a593SmuzhiyunSigned-off-by: Ross Burton <ross.burton@arm.com>
9*4882a593SmuzhiyunSigned-off-by: Zheng Qiu <zheng.qiu@windriver.com>
10*4882a593Smuzhiyun
11*4882a593SmuzhiyunAccording to Richard Nolde
12*4882a593Smuzhiyunhttps://gitlab.com/libtiff/libtiff/-/issues/401#note_877637400 the
13*4882a593Smuzhiyuntiffcrop option "-S" is also mutually exclusive to the other crop
14*4882a593Smuzhiyunoptions (-X|-Y), -Z and -z.
15*4882a593Smuzhiyun
16*4882a593SmuzhiyunMIME-Version: 1.0
17*4882a593SmuzhiyunContent-Type: text/plain; charset=UTF-8
18*4882a593SmuzhiyunContent-Transfer-Encoding: 8bit
19*4882a593Smuzhiyun
20*4882a593SmuzhiyunThis is now checked and ends tiffcrop if those arguments are not mutually exclusive.
21*4882a593Smuzhiyun
22*4882a593SmuzhiyunThis MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
23*4882a593Smuzhiyun
24*4882a593Smuzhiyun---
25*4882a593Smuzhiyun tools/tiffcrop.c | 25 +++++++++++++------------
26*4882a593Smuzhiyun 1 file changed, 13 insertions(+), 12 deletions(-)
27*4882a593Smuzhiyun
28*4882a593Smuzhiyundiff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
29*4882a593Smuzhiyunindex b596f9e..8af85c9 100644
30*4882a593Smuzhiyun--- a/tools/tiffcrop.c
31*4882a593Smuzhiyun+++ b/tools/tiffcrop.c
32*4882a593Smuzhiyun@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
33*4882a593Smuzhiyun #define ROTATECW_270 32
34*4882a593Smuzhiyun #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
35*4882a593Smuzhiyun
36*4882a593Smuzhiyun-#define CROP_NONE 0
37*4882a593Smuzhiyun-#define CROP_MARGINS 1
38*4882a593Smuzhiyun-#define CROP_WIDTH 2
39*4882a593Smuzhiyun-#define CROP_LENGTH 4
40*4882a593Smuzhiyun-#define CROP_ZONES 8
41*4882a593Smuzhiyun-#define CROP_REGIONS 16
42*4882a593Smuzhiyun+#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
43*4882a593Smuzhiyun+#define CROP_MARGINS 1 /* "-m" */
44*4882a593Smuzhiyun+#define CROP_WIDTH 2 /* "-X" */
45*4882a593Smuzhiyun+#define CROP_LENGTH 4 /* "-Y" */
46*4882a593Smuzhiyun+#define CROP_ZONES 8 /* "-Z" */
47*4882a593Smuzhiyun+#define CROP_REGIONS 16 /* "-z" */
48*4882a593Smuzhiyun #define CROP_ROTATE 32
49*4882a593Smuzhiyun #define CROP_MIRROR 64
50*4882a593Smuzhiyun #define CROP_INVERT 128
51*4882a593Smuzhiyun@@ -316,7 +316,7 @@ struct crop_mask {
52*4882a593Smuzhiyun #define PAGE_MODE_RESOLUTION 1
53*4882a593Smuzhiyun #define PAGE_MODE_PAPERSIZE 2
54*4882a593Smuzhiyun #define PAGE_MODE_MARGINS 4
55*4882a593Smuzhiyun-#define PAGE_MODE_ROWSCOLS 8
56*4882a593Smuzhiyun+#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
57*4882a593Smuzhiyun
58*4882a593Smuzhiyun #define INVERT_DATA_ONLY 10
59*4882a593Smuzhiyun #define INVERT_DATA_AND_TAG 11
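Review bot: The new comment on `CROP_NONE` spells the macro as `Page_MODE_ROWSCOLS`, which does not match `PAGE_MODE_ROWSCOLS` as defined in the following hunk, so a search for the macro name will miss this line. The comment also reads as if `-S` were encoded as a `crop_mode` value, while the check added to `process_command_opts` reads it from `page->mode`; because `CROP_NONE` is 0 it can never be tested with `&`. I would word it as `#define CROP_NONE 0 /* no crop bit set; "-S" is recorded in page->mode as PAGE_MODE_ROWSCOLS */`.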
60*4882a593Smuzhiyun@@ -781,7 +781,7 @@ static const char usage_info[] =
61*4882a593Smuzhiyun " The four debug/dump options are independent, though it makes little sense to\n"
62*4882a593Smuzhiyun " specify a dump file without specifying a detail level.\n"
63*4882a593Smuzhiyun "\n"
64*4882a593Smuzhiyun-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
65*4882a593Smuzhiyun+"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
66*4882a593Smuzhiyun " In no case should the options be applied to a given selection successively.\n"
67*4882a593Smuzhiyun "\n"
68*4882a593Smuzhiyun ;
69*4882a593Smuzhiyun@@ -2133,13 +2133,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
70*4882a593Smuzhiyun /*NOTREACHED*/
71*4882a593Smuzhiyun }
72*4882a593Smuzhiyun }
73*4882a593Smuzhiyun- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
74*4882a593Smuzhiyun- char XY, Z, R;
75*4882a593Smuzhiyun+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
76*4882a593Smuzhiyun+ char XY, Z, R, S;
77*4882a593Smuzhiyun XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
78*4882a593Smuzhiyun Z = (crop_data->crop_mode & CROP_ZONES);
79*4882a593Smuzhiyun R = (crop_data->crop_mode & CROP_REGIONS);
80*4882a593Smuzhiyun- if ((XY && Z) || (XY && R) || (Z && R)) {
81*4882a593Smuzhiyun- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
82*4882a593Smuzhiyun+ S = (page->mode & PAGE_MODE_ROWSCOLS);
83*4882a593Smuzhiyun+ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
84*4882a593Smuzhiyun+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
85*4882a593Smuzhiyun exit(EXIT_FAILURE);
86*4882a593Smuzhiyun }
87*4882a593Smuzhiyun } /* end process_command_opts */
88
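Review bot: The exclusivity test at the end of `process_command_opts` keeps raw masked values in `char` and spells out all six pairs by hand, which is fragile for the enforcement point of this CVE-2022-2953 backport: a flag whose value does not fit in a `char` would truncate to 0 and silently drop its part of the test, and every new option needs each pair added. Normalising each flag, e.g. `S = (page->mode & PAGE_MODE_ROWSCOLS) != 0;` (likewise for `Z` and `R`), lets the condition shrink to `if (XY + Z + R + S > 1) {`. The masks used today (8 and 16) all fit in a `char`, so this is hardening rather than a present bug. The check also relies on `PAGE_MODE_ROWSCOLS` being set only by `-S`; the option parsing lies outside this hunk, so that is worth confirming. The function body starts outside the hunk.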