libtiff: avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created

SDLPushPostBot · May 7, 2022, 7:33pm

https://github.com/libsdl-org/libtiff/commit/b51bb157123264e26d34c09cc673d213aea61fc7

From b51bb157123264e26d34c09cc673d213aea61fc7 Mon Sep 17 00:00:00 2001
From: Even Rouault <[EMAIL REDACTED]>
Date: Mon, 21 Mar 2022 18:03:17 +0100
Subject: [PATCH] avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB
 is attempted to be created

Fixes https://github.com/OSGeo/gdal/issues/5479
---
 libtiff/tif_dirwrite.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index d5a819da..0d013249 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -300,6 +300,12 @@ TIFFRewriteDirectory( TIFF *tif )
 				return (0);
 			}
 		}
+		else if( tif->tif_diroff > 0xFFFFFFFFU )
+		{
+			TIFFErrorExt(tif->tif_clientdata, module,
+			     "tif->tif_diroff exceeds 32 bit range allowed for Classic TIFF");
+			return (0);
+		}
 		else
 		{
 			uint32_t nextdir;