File tiff-CVE-2025-9900.patch of Package tiff.41421

--- tiff-4.0.9/libtiff/tif_getimage.c	2025-10-13 10:56:54.741756008 +0200
+++ tiff-4.0.9/libtiff/tif_getimage.c	2025-10-13 11:12:16.241165699 +0200
@@ -511,6 +511,22 @@
 		"No \"put\" routine setupl; probably can not handle image format");
 		return (0);
     }
+    /* Verify raster width and height against image width and height. */
+    if (h > img->height)
+    {
+        /* Adapt parameters to read only available lines and put image at
+         * the bottom of the raster. */
+        raster += (size_t)(h - img->height) * w;
+        h = img->height;
+    }
+    if (w > img->width)
+    {
+        TIFFWarningExt(img->tif, TIFFFileName(img->tif),
+                        "Raster width of %d shall not be larger than image "
+                        "width of %d -> raster width adapted for reading",
+                        w, img->width);
+        w = img->width;
+    }
     return (*img->get)(img, raster, w, h);
 }
 
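Review bot: The new `TIFFWarningExt` call in the `w > img->width` branch passes `img->tif` as its first argument, while the `TIFFErrorExt` call visible in the next hunk of this file passes `tif->tif_clientdata`. In this libtiff version the first parameter appears to be the client-data handle, so a registered warning handler would receive the TIFF pointer instead of its own handle; I would write `TIFFWarningExt(img->tif->tif_clientdata, TIFFFileName(img->tif),`. The `%d` conversions also look mismatched if `w` and `img->width` are unsigned 32-bit values; casting both to `unsigned` and using `%u` would stop a very large width from being logged as a negative number. The function begins above the hunk, so the parameter types are inferred rather than visible.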
@@ -529,9 +545,7 @@
 
 	if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(&img, tif, stop, emsg)) {
 		img.req_orientation = (uint16)orientation;
-		/* XXX verify rwidth and rheight against width and height */
-		ok = TIFFRGBAImageGet(&img, raster+(rheight-img.height)*rwidth,
-			rwidth, img.height);
+		ok = TIFFRGBAImageGet(&img, raster, rwidth, rheight);
 		TIFFRGBAImageEnd(&img);
 	} else {
 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", emsg);
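Review bot: With the `XXX` comment and the explicit offset removed, nothing at this call site says where `rwidth` and `rheight` are validated or that the image is still placed at the bottom of a taller raster. A short comment above the call would keep that visible, for example `/* TIFFRGBAImageGet clamps rwidth/rheight to the image size and bottom-aligns the image; raster must hold rwidth*rheight pixels */`. The buffer-size requirement is an assumption about the caller that the visible code cannot check. The enclosing function begins and ends outside the hunk.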