From 3994cf3b3bc6b54c32f240ca5a412cffa11633fa Mon Sep 17 00:00:00 2001 From: Lee Howard Date: Mon, 19 May 2025 10:53:30 -0700 Subject: [PATCH] Don't skip the first line of the input image. Addresses issue #703 CVE: CVE-2025-8176 Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa] Signed-off-by: Yogita Urade --- tools/tiffdither.c | 4 ++-- tools/tiffmedian.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/tiffdither.c b/tools/tiffdither.c index 062fd60..d352554 100644 --- a/tools/tiffdither.c +++ b/tools/tiffdither.c @@ -95,7 +95,7 @@ fsdither(TIFF* in, TIFF* out) nextptr = nextline; for (j = 0; j < imagewidth; ++j) *nextptr++ = *inptr++; - for (i = 1; i < imagelength; ++i) { + for (i = 0; i < imagelength; ++i) { tmpptr = thisline; thisline = nextline; nextline = tmpptr; @@ -138,7 +138,7 @@ fsdither(TIFF* in, TIFF* out) nextptr[0] += v / 16; } } - if (TIFFWriteScanline(out, outline, i-1, 0) < 0) + if (TIFFWriteScanline(out, outline, i, 0) < 0) goto skip_on_error; } goto exit_label; diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c index 93a1741..93e57cf 100644 --- a/tools/tiffmedian.c +++ b/tools/tiffmedian.c @@ -844,7 +844,7 @@ quant_fsdither(TIFF* in, TIFF* out) outline = (unsigned char *) _TIFFmalloc(TIFFScanlineSize(out)); GetInputLine(in, 0, goto bad); /* get first line */ - for (i = 1; i <= imagelength; ++i) { + for (i = 0; i <= imagelength; ++i) { SWAP(short *, thisline, nextline); lastline = (i >= imax); if (i <= imax) @@ -915,7 +915,7 @@ quant_fsdither(TIFF* in, TIFF* out) nextptr += 3; } } - if (TIFFWriteScanline(out, outline, i-1, 0) < 0) + if (TIFFWriteScanline(out, outline, i, 0) < 0) break; } bad: -- 2.40.0