File wxWidgets-3_2_CVE-2025-8851.patch of Package wxWidgets-3_2
From 8a7a48d7a645992ca83062b3a1873c951661e2b3 Mon Sep 17 00:00:00 2001
From: Lee Howard <faxguy@howardsilvan.com>
Date: Sun, 11 Aug 2024 16:01:07 +0000
Subject: [PATCH] Attempt to address tiffcrop Coverity scan issues 1605444,
1605445, and 1605449.
---
tools/tiffcrop.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
--- a/src/tiff/tools/tiffcrop.c
+++ b/src/tiff/tools/tiffcrop.c
@@ -4902,7 +4902,14 @@
buff = srcbuffs[s];
strip = (s * strips_per_sample) + j;
bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize);
- rows_this_strip = bytes_read / src_rowsize;
+ if (bytes_read < 0)
+ {
+ rows_this_strip = 0;
+ }
+ else
+ {
+ rows_this_strip = bytes_read / src_rowsize;
+ }
if (bytes_read < 0 && !ignore)
{
TIFFError(TIFFFileName(in),
@@ -5276,14 +5283,14 @@
rmargin = (uint32)(crop->margins[3] * scale * xres);
}
- if ((lmargin + rmargin) > image->width)
+ if (lmargin == 0xFFFFFFFFU || rmargin == 0xFFFFFFFFU || (lmargin + rmargin) > image->width)
{
TIFFError("computeInputPixelOffsets", "Combined left and right margins exceed image width");
lmargin = (uint32) 0;
rmargin = (uint32) 0;
return (-1);
}
- if ((tmargin + bmargin) > image->length)
+ if (tmargin == 0xFFFFFFFFU || bmargin == 0xFFFFFFFFU || (tmargin + bmargin) > image->length)
{
TIFFError("computeInputPixelOffsets", "Combined top and bottom margins exceed image length");
tmargin = (uint32) 0;
@@ -5728,14 +5735,14 @@
vmargin = (uint32)(page->vmargin * scale * ((image->bps + 7)/ 8));
}
- if ((hmargin * 2.0) > (pwidth * page->hres))
+ if (hmargin == 0xFFFFFFFFU || (hmargin * 2.0) > (pwidth * page->hres))
{
TIFFError("computeOutputPixelOffsets",
"Combined left and right margins exceed page width");
hmargin = (uint32) 0;
return (-1);
}
- if ((vmargin * 2.0) > (plength * page->vres))
+ if (vmargin == 0xFFFFFFFFU || (vmargin * 2.0) > (plength * page->vres))
{
TIFFError("computeOutputPixelOffsets",
"Combined top and bottom margins exceed page length");
