From 12ba27949b236ece918afafca757f7e30b1189d0 Mon Sep 17 00:00:00 2001
From: Su_Laus <[EMAIL REDACTED]>
Date: Sun, 15 Jan 2023 13:29:03 +0100
Subject: [PATCH] Fix TIFFUnlinkDirectory(0) case and unlink of first
directory.
If directory number 0 is unlinked, then the base offset variables within LibTiff are not updated. As a result, a subsequent TIFFSetDirectory() first goes to the unlinked former directory number 0.
In addition, the error case for dirn=0 is handled.
This MR fixes that by updating the base offset variables tif->tif_header.classic.tiff_diroff and tif->tif_header.big.tiff_diroff.
---
libtiff/tif_dir.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 8c275e04..56ecbf39 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -2143,6 +2143,13 @@ int TIFFUnlinkDirectory(TIFF *tif, tdir_t dirn)
"Can not unlink directory in read-only file");
return (0);
}
+ if (dirn == 0)
+ {
+ TIFFErrorExtR(tif, module,
+ "For TIFFUnlinkDirectory() first directory starts with "
+ "number 1 and not 0");
+ return (0);
+ }
/*
* Go to the directory before the one we want
* to unlink and nab the offset of the link
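Review bot: The new `dirn == 0` guard carries no comment explaining why 0 must be rejected, so the 1-based numbering it enforces is only discoverable from the error string. The context just below walks to "the directory before the one we want to unlink", which suggests an unsigned `dirn - 1` would wrap for 0; that loop is outside the hunk, so please confirm. I would add `/* dirn is 1-based here (TIFFSetDirectory is 0-based); 0 has no predecessor to walk to. */` above the check. The same convention belongs in the function's header comment, which is also outside the hunk.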
@@ -2205,6 +2212,17 @@ int TIFFUnlinkDirectory(TIFF *tif, tdir_t dirn)
return (0);
}
}
+
+ /* For dirn=1 (first directory) also update the libtiff internal
+ * base offset variables. */
+ if (dirn == 1)
+ {
+ if (!(tif->tif_flags & TIFF_BIGTIFF))
+ tif->tif_header.classic.tiff_diroff = (uint32_t)nextdir;
+ else
+ tif->tif_header.big.tiff_diroff = nextdir;
+ }
+
/*
* Leave directory state setup safely. We don't have
* facilities for doing inserting and removing directories,
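Review bot: The cast in `tif->tif_header.classic.tiff_diroff = (uint32_t)nextdir;` narrows silently, and nothing visible in the hunk shows that `nextdir` is bounded to 32 bits on the classic path. If it was filled from the 32-bit link field earlier in the function (outside the hunk), a comment such as `/* classic: nextdir was read from a 32-bit link, so the cast cannot truncate */` or an `assert(nextdir <= 0xFFFFFFFFU);` would make that invariant explicit. A truncated base offset would send later directory reads to the wrong file position. The diffstat touches only tif_dir.c, so a regression test that unlinks directory 1 and then calls `TIFFSetDirectory(tif, 0)` would be worth adding with this fix.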