From 12ba27949b236ece918afafca757f7e30b1189d0 Mon Sep 17 00:00:00 2001
From: Su_Laus
Date: Sun, 15 Jan 2023 13:29:03 +0100
Subject: Fix TIFFUnlinkDirectory(0) case and unlink of first directory.

If directory number 0 is unlinked, then the base offset variables within LibTiff are not updated. As a result, a subsequent TIFFSetDirectory() first goes to the unlinked former directory number 0. In addition, the error case for dirn=0 is handled. This MR fixes that by updating the base offset variables tif->tif_header.classic.tiff_diroff and tif->tif_header.big.tiff_diroff.
---
 libtiff/tif_dir.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 8c275e04..56ecbf39 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -2143,6 +2143,13 @@ int TIFFUnlinkDirectory(TIFF *tif, tdir_t dirn)
 "Can not unlink directory in read-only file");
 return (0);
 }
+ if (dirn == 0)
+ {
+ TIFFErrorExtR(tif, module,
+ "For TIFFUnlinkDirectory() first directory starts with "
+ "number 1 and not 0");
+ return (0);
+ }
 /*
 * Go to the directory before the one we want
 * to unlink and nab the offset of the link
@@ -2205,6 +2212,17 @@ int TIFFUnlinkDirectory(TIFF *tif, tdir_t dirn)
 return (0);
 }
 }
+
+ /* For dirn=1 (first directory) also update the libtiff internal
+ * base offset variables. */
+ if (dirn == 1)
+ {
+ if (!(tif->tif_flags & TIFF_BIGTIFF))
+ tif->tif_header.classic.tiff_diroff = (uint32_t)nextdir;
+ else
+ tif->tif_header.big.tiff_diroff = nextdir;
+ }
+
 /*
 * Leave directory state setup safely. We don't have
 * facilities for doing inserting and removing directories,
-- cgit v1.2.1
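Review bot: The new `dirn == 0` guard in the first hunk carries no comment explaining why 0 is invalid, and the 1-based numbering it enforces is easy to confuse with the 0-based directory number the commit message uses for TIFFSetDirectory(). If tdir_t is unsigned, a 0 would presumably wrap when the code below steps to "the directory before the one we want", so the reason for rejecting it early is worth recording. I would add above the check `/* dirn is 1-based here; reject 0 before walking to the preceding directory. */`. The function's header comment and the walk itself are outside the hunk, so the public description of TIFFUnlinkDirectory() should be checked to state the same convention.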
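Review bot: The `(uint32_t)nextdir` cast in the `dirn == 1` branch of the second hunk narrows silently, and nothing visible in the hunk shows that nextdir is bounded to 32 bits when TIFF_BIGTIFF is not set. If nextdir was filled from the 32-bit link field of a classic file the cast is harmless, but that assignment is outside the hunk, so I would state the invariant next to the cast, for example `/* classic TIFF: nextdir was read from a 32-bit link field, so this cast cannot truncate */`. The diffstat shows only tif_dir.c changed, so no regression test accompanies the fix. A test that unlinks directory 1 and then calls TIFFSetDirectory(tif, 0) would pin the stale-offset behaviour this branch corrects, including the case where the unlinked directory was the only one and nextdir is 0.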