File tiff-CVE-2023-38288,CVE-2023-40745,CVE-2023-41175.patch of Package tiff.34105
Index: tiff-4.0.9/tools/tiffcp.c
===================================================================
--- tiff-4.0.9.orig/tools/tiffcp.c
+++ tiff-4.0.9/tools/tiffcp.c
@@ -43,6 +43,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include <ctype.h>
@@ -1404,6 +1405,13 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
return 0;
}
+
+ if ( (imagew - tilew * spp) > INT_MAX ){
+ TIFFError(TIFFFileName(in),
+ "Error, image raster scan line size is too large");
+ return 0;
+ }
+
iskew = imagew - tilew*spp;
tilebuf = _TIFFmalloc(tilesize);