2 Upstream-Status: Backport
3 Signed-off-by: Ross Burton <ross.burton@arm.com>
5 From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001
6 From: 4ugustus <wangdw.augustus@qq.com>
7 Date: Tue, 25 Jan 2022 16:25:28 +0000
8 Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
9 count is required (fixes #355)
12 tools/tiffset.c | 16 +++++++++++++---
13 1 file changed, 13 insertions(+), 3 deletions(-)
15 diff --git a/tools/tiffset.c b/tools/tiffset.c
16 index 8c9e23c5..e7a88c09 100644
19 @@ -146,9 +146,19 @@ main(int argc, char* argv[])
22 if (TIFFFieldDataType(fip) == TIFF_ASCII) {
23 - if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
24 - fprintf( stderr, "Failed to set %s=%s\n",
25 - TIFFFieldName(fip), argv[arg_index] );
26 + if(TIFFFieldPassCount( fip )) {
28 + len = strlen(argv[arg_index]) + 1;
29 + if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
30 + (uint16_t)len, argv[arg_index]) != 1)
31 + fprintf( stderr, "Failed to set %s=%s\n",
32 + TIFFFieldName(fip), argv[arg_index] );
34 + if (TIFFSetField(tiff, TIFFFieldTag(fip),
35 + argv[arg_index]) != 1)
36 + fprintf( stderr, "Failed to set %s=%s\n",
37 + TIFFFieldName(fip), argv[arg_index] );
39 } else if (TIFFFieldWriteCount(fip) > 0
40 || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
