You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
3.9 KiB
90 lines
3.9 KiB
From ecd9216e574039b8fba893314bdfc6edbdd6bf20 Mon Sep 17 00:00:00 2001 |
|
From: Su_Laus <sulau@freenet.de> |
|
Date: Mon, 15 Aug 2022 22:11:03 +0200 |
|
Subject: [PATCH] =?UTF-8?q?(CVE-2022-2519=20CVE-2022-2520=20CVE-2022-2521)?= |
|
=?UTF-8?q?=20According=20to=20Richard=20Nolde=20https://gitlab.com/libtif?= |
|
=?UTF-8?q?f/libtiff/-/issues/401#note=5F877637400=20the=20tiffcrop=20opti?= |
|
=?UTF-8?q?on=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually=20exclusive=20?= |
|
=?UTF-8?q?to=20the=20other=20crop=20options=20(-X|-Y),=20-Z=20and=20-z.?= |
|
MIME-Version: 1.0 |
|
Content-Type: text/plain; charset=UTF-8 |
|
Content-Transfer-Encoding: 8bit |
|
|
|
This is now checked and ends tiffcrop if those arguments are not mutually exclusive. |
|
|
|
This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424 |
|
|
|
(cherry picked from commit 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf) |
|
--- |
|
tools/tiffcrop.c | 27 ++++++++++++++------------- |
|
1 file changed, 14 insertions(+), 13 deletions(-) |
|
|
|
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c |
|
index 90286a5e..d9213ecb 100644 |
|
--- a/tools/tiffcrop.c |
|
+++ b/tools/tiffcrop.c |
|
@@ -108,7 +108,7 @@ |
|
* lower level, scanline level routines. Debug reports a limited set |
|
* of messages to monitor progress without enabling dump logs. |
|
* |
|
- * Note: The (-X|-Y), -Z and -z options are mutually exclusive. |
|
+ * Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive. |
|
* In no case should the options be applied to a given selection successively. |
|
*/ |
|
|
|
@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022"; |
|
#define ROTATECW_270 32 |
|
#define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270) |
|
|
|
-#define CROP_NONE 0 |
|
-#define CROP_MARGINS 1 |
|
-#define CROP_WIDTH 2 |
|
-#define CROP_LENGTH 4 |
|
-#define CROP_ZONES 8 |
|
-#define CROP_REGIONS 16 |
|
+#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */ |
|
+#define CROP_MARGINS 1 /* "-m" */ |
|
+#define CROP_WIDTH 2 /* "-X" */ |
|
+#define CROP_LENGTH 4 /* "-Y" */ |
|
+#define CROP_ZONES 8 /* "-Z" */ |
|
+#define CROP_REGIONS 16 /* "-z" */ |
|
#define CROP_ROTATE 32 |
|
#define CROP_MIRROR 64 |
|
#define CROP_INVERT 128 |
|
@@ -316,7 +316,7 @@ struct crop_mask { |
|
#define PAGE_MODE_RESOLUTION 1 |
|
#define PAGE_MODE_PAPERSIZE 2 |
|
#define PAGE_MODE_MARGINS 4 |
|
-#define PAGE_MODE_ROWSCOLS 8 |
|
+#define PAGE_MODE_ROWSCOLS 8 /* for -S option */ |
|
|
|
#define INVERT_DATA_ONLY 10 |
|
#define INVERT_DATA_AND_TAG 11 |
|
@@ -781,7 +781,7 @@ static const char usage_info[] = |
|
" The four debug/dump options are independent, though it makes little sense to\n" |
|
" specify a dump file without specifying a detail level.\n" |
|
"\n" |
|
-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n" |
|
+"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n" |
|
" In no case should the options be applied to a given selection successively.\n" |
|
"\n" |
|
; |
|
@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 |
|
/*NOTREACHED*/ |
|
} |
|
} |
|
- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/ |
|
- char XY, Z, R; |
|
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/ |
|
+ char XY, Z, R, S; |
|
XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)); |
|
Z = (crop_data->crop_mode & CROP_ZONES); |
|
R = (crop_data->crop_mode & CROP_REGIONS); |
|
- if ((XY && Z) || (XY && R) || (Z && R)) { |
|
- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit"); |
|
+ S = (page->mode & PAGE_MODE_ROWSCOLS); |
|
+ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) { |
|
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit"); |
|
exit(EXIT_FAILURE); |
|
} |
|
} /* end process_command_opts */
|
|
|