1*4882a593SmuzhiyunFrom 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Su Laus <sulau@freenet.de> 3*4882a593SmuzhiyunDate: Sat, 21 Jan 2023 15:58:10 +0000 4*4882a593SmuzhiyunSubject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488. 5*4882a593Smuzhiyun 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunUpstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.2.0-1+deb11u4.debian.tar.xz] 8*4882a593SmuzhiyunCVE: CVE-2022-48281 9*4882a593SmuzhiyunSigned-off-by: Chee Yang Lee <chee.yang.lee@intel.com> 10*4882a593Smuzhiyun--- 11*4882a593Smuzhiyun tools/tiffcrop.c | 2 +- 12*4882a593Smuzhiyun 1 file changed, 1 insertion(+), 1 deletion(-) 13*4882a593Smuzhiyun 14*4882a593SmuzhiyunIndex: tiff-4.2.0/tools/tiffcrop.c 15*4882a593Smuzhiyun=================================================================== 16*4882a593Smuzhiyun--- tiff-4.2.0.orig/tools/tiffcrop.c 17*4882a593Smuzhiyun+++ tiff-4.2.0/tools/tiffcrop.c 18*4882a593Smuzhiyun@@ -7516,7 +7516,7 @@ processCropSelections(struct image_data 19*4882a593Smuzhiyun crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES); 20*4882a593Smuzhiyun else 21*4882a593Smuzhiyun { 22*4882a593Smuzhiyun- prev_cropsize = seg_buffs[0].size; 23*4882a593Smuzhiyun+ prev_cropsize = seg_buffs[1].size; 24*4882a593Smuzhiyun if (prev_cropsize < cropsize) 25*4882a593Smuzhiyun { 26*4882a593Smuzhiyun next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES); 27