libtiff: Fix memory leak in tiffcrop.c (CVE-2023-3576)

From 62169a209ce057a2bef008becddf9af22c6b7815 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Sun, 10 Dec 2023 05:50:45 +0300
Subject: [PATCH] Fix memory leak in tiffcrop.c (CVE-2023-3576)

From debian. Patch authored by zhailiangliang
---
 tools/tiffcrop.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index d90de4b9..dcf33d68 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -7816,8 +7816,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
 
   read_buff = *read_buff_ptr;
 
+  /* Memory is freed before crop_buff_ptr is overwritten */
+  if (*crop_buff_ptr != NULL)
+  {
+      _TIFFfree(*crop_buff_ptr);
+  }
+
   /* process full image, no crop buffer needed */
-  crop_buff = read_buff;
   *crop_buff_ptr = read_buff;
   crop->combined_width = image->width;
   crop->combined_length = image->length;