From 5c7d5d9bb2c527b0ed617b807a19223833c99ae5 Mon Sep 17 00:00:00 2001
From: mgb01105731
Date: Fri, 14 Mar 2025 05:43:30 -0400
Subject: [PATCH] to #IAGL52 Add patch to fix CVE-2023-52356 project: TC2024080204 Signed-off-by: mgb01105731
---
 Fix-CVE-2023-52356.patch | 46 ++++++++++++++++++++++++++++++++++++++++
 libtiff.spec | 11 +++++++++-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 Fix-CVE-2023-52356.patch
diff --git a/Fix-CVE-2023-52356.patch b/Fix-CVE-2023-52356.patch
new file mode 100644
index 0000000..33a9220
--- /dev/null
+++ b/Fix-CVE-2023-52356.patch
@@ -0,0 +1,46 @@
+From 51558511bdbbcffdce534db21dbaf5d54b31638a Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Tue, 31 Oct 2023 15:58:41 +0100
+Subject: [PATCH] TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of
+ col/row (fixes #622)
+
+---
+ libtiff/tif_getimage.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index 41f7dfd77..6fee35db2 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint32_t row, uint32_t *raster,
+ if (TIFFRGBAImageOK(tif, emsg) &&
+ TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
+ {
++ if (row >= img.height)
++ {
++ TIFFErrorExtR(tif, TIFFFileName(tif),
++ "Invalid row passed to TIFFReadRGBAStrip().");
++ TIFFRGBAImageEnd(&img);
++ return (0);
++ }
+
+ img.row_offset = row;
+ img.col_offset = 0;
+@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint32_t col, uint32_t row, uint32_t *raster,
+ return (0);
+ }
+
++ if (col >= img.width || row >= img.height)
++ {
++ TIFFErrorExtR(tif, TIFFFileName(tif),
++ "Invalid row/col passed to TIFFReadRGBATile().");
++ TIFFRGBAImageEnd(&img);
++ return (0);
++ }
++
+ /*
+ * The TIFFRGBAImageGet() function doesn't allow us to get off the
+ * edge of the image, even to fill an otherwise valid tile. So we
+--
+GitLab
+
diff --git a/libtiff.spec b/libtiff.spec
index 3abb129..a748c55 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.6.0
@@ -21,6 +21,9 @@ Patch1: CVE-2023-6277.patch
 # https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a
 Patch2: CVE-2023-6228.patch
 
+# https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
+Patch3: Fix-CVE-2023-52356.patch
+
 %description
 The libtiff package contains a library of functions for manipulating
 TIFF (Tagged Image File Format) image format files. TIFF is a widely
@@ -123,6 +126,12 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
 %{_mandir}/man1/tiffsplit.1*
 
 %changelog
+* Fri Mar 14 2025 mgb01105731 - 4.6.0-2
+- to #IAGL52
+- Add patch to fix CVE-2023-52356
+- project: TC2024080204
+- Signed-off-by: mgb01105731
+
 * Wed Feb 19 2025 mgb01105731 - 4.6.0-1
 - Update to 4.6.0 from 4.5.1
 - Remove libtiff-opengl by reason of tiffgt been removed
--
Gitee
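Review bot: `Patch3: Fix-CVE-2023-52356.patch` is only declared in the hunk at line 21, and nothing visible shows it being applied, because `%prep` lies outside all three hunks. If `%prep` uses `%autosetup -p1` or `%autopatch`, the patch is picked up automatically. If it lists patches explicitly, a matching `%patch -P3 -p1` line is needed, otherwise the package ships as 4.6.0-2 with CVE-2023-52356 still unfixed. It is also worth confirming from the build log that the patch applied to `libtiff/tif_getimage.c` without fuzz, since its hunk offsets come from the upstream commit rather than the 4.6.0 tarball. As a style point, the existing entries are named `CVE-2023-6277.patch` and `CVE-2023-6228.patch`, so `CVE-2023-52356.patch` would match the convention.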