libtiff: fix CVE-2022-3597 -- from debian.

From de716554b702a872235999bef79246e01f5427f2 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Mon, 16 Oct 2023 11:11:04 +0300
Subject: [PATCH] fix CVE-2022-3597 -- from debian.

Author: Su_Laus <sulau@freenet.de>
Reviewed-by: Aron Xu <aron@debian.org>
Last-Updated: 2023-01-13
References:
 * https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
 * https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
---
 tools/tiffcrop.c | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index f3820522..a964c22e 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -781,6 +781,12 @@ static const char* usage_info[] = {
 " ",
 "             The four debug/dump options are independent, though it makes little sense to",
 "             specify a dump file without specifying a detail level.",
+"Note 1:      The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
+"             In no case should the options be applied to a given selection successively.\n"
+"\n"
+"Note 2:      Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options\n"
+"             such as - H, -V, -P, -J or -K are not supported and may cause buffer overflows.\n"
+"\n"
 " ",
 NULL
 };
@@ -2144,6 +2150,37 @@ void  process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
 		/*NOTREACHED*/
       }
     }
+    /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are
+     * mutually exclusive) --*/
+    char XY, Z, R, S;
+    XY = ((crop_data->crop_mode & CROP_WIDTH) ||
+          (crop_data->crop_mode & CROP_LENGTH))
+             ? 1
+             : 0;
+    Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
+    R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
+    S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
+    if (XY + Z + R + S > 1)
+    {
+        TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and "
+                                          "-S are mutually exclusive.->exit");
+        exit(EXIT_FAILURE);
+    }
+
+    /* Check for not allowed combination:
+     * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x
+options
+     * such as -H, -V, -P, -J or -K are not supported and may cause buffer
+overflows.
+.    */
+    if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE)
+    {
+        TIFFError("tiffcrop input error",
+                  "Any of the crop options -X, -Y, -Z and -z together with "
+                  "other PAGE_MODE_x options such as - H, -V, -P, -J or -K is "
+                  "not supported and may cause buffer overflows..->exit");
+        exit(EXIT_FAILURE);
+    }
   }  /* end process_command_opts */
 
 /* Start a new output file if one has not been previously opened or
@@ -2416,6 +2453,7 @@ main(int argc, char* argv[])
         exit (EXIT_FAILURE);
 	}
 
+      /* Crop input image and copy zones and regions from input image into seg_buffs or crop_buff. */
       if (crop.selections > 0)
         {
         if (processCropSelections(&image, &crop, &read_buff, seg_buffs))
@@ -2432,6 +2470,7 @@ main(int argc, char* argv[])
           exit (EXIT_FAILURE);
 	  }
 	}
+      /* Format and write selected image parts to output file(s). */
       if (page.mode == PAGE_MODE_NONE)
         {  /* Whole image or sections not based on output page size */
         if (crop.selections > 0)