File tiff-CVE-2024-13978.patch of Package tiff
Index: tiff-4.7.0/tools/tiff2pdf.c
===================================================================
--- tiff-4.7.0.orig/tools/tiff2pdf.c
+++ tiff-4.7.0/tools/tiff2pdf.c
@@ -1371,8 +1371,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *
t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
TIFFGetField(input, TIFFTAG_TILEWIDTH,
&(t2p->tiff_tiles[i].tiles_tilewidth));
+ if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
+ {
+ TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
+ t2p->tiff_tiles[i].tiles_tilewidth,
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
TIFFGetField(input, TIFFTAG_TILELENGTH,
&(t2p->tiff_tiles[i].tiles_tilelength));
+ if (t2p->tiff_tiles[i].tiles_tilelength < 1)
+ {
+ TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
+ t2p->tiff_tiles[i].tiles_tilelength,
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
sizeof(T2P_TILE)));
