From b55cfc746a8449b135cecb8bc1b97f27efd28da1 Mon Sep 17 00:00:00 2001
From: Su_Laus
Date: Tue, 28 Dec 2021 15:25:48 +0100
Subject: Fix Issue #354 Segmentation Fault due to field_name=NULL
---
 libtiff/tif_close.c | 10 ++++++----
 libtiff/tif_dirinfo.c | 11 +++++++++--
 libtiff/tif_dirread.c | 2 +-
 libtiff/tif_print.c | 4 ++--
 4 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
index 674518a1..576e0843 100644
--- a/libtiff/tif_close.c
+++ b/libtiff/tif_close.c
@@ -80,10 +80,12 @@ TIFFCleanup(TIFF* tif)
 for (i = 0; i < tif->tif_nfields; i++) {
 TIFFField *fld = tif->tif_fields[i];
- if (fld->field_bit == FIELD_CUSTOM &&
- strncmp("Tag ", fld->field_name, 4) == 0) {
- _TIFFfree(fld->field_name);
- _TIFFfree(fld);
+ if (fld->field_name != NULL) {
+ if (fld->field_bit == FIELD_CUSTOM &&
+ strncmp("Tag ", fld->field_name, 4) == 0) {
+ _TIFFfree(fld->field_name);
+ _TIFFfree(fld);
+ }
 }
 }
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
index c6fc58f1..0bd32c3f 100644
--- a/libtiff/tif_dirinfo.c
+++ b/libtiff/tif_dirinfo.c
@@ -420,11 +420,13 @@ _TIFFSetupFields(TIFF* tif, const TIFFFieldArray* fieldarray)
 for (i = 0; i < tif->tif_nfields; i++) {
 TIFFField *fld = tif->tif_fields[i];
- if (fld->field_bit == FIELD_CUSTOM &&
- strncmp("Tag ", fld->field_name, 4) == 0) {
+ if (fld->field_name != NULL) {
+ if (fld->field_bit == FIELD_CUSTOM &&
+ strncmp("Tag ", fld->field_name, 4) == 0) {
 _TIFFfree(fld->field_name);
 _TIFFfree(fld);
 }
+ }
 }
 }
 _TIFFfree(tif->tif_fields);
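Review bot: The free in the TIFFCleanup loop is still decided by the name text: any entry with `field_bit == FIELD_CUSTOM` whose name begins with "Tag " has both `fld->field_name` and `fld` released, and the added NULL guard does not change that. The TIFFMergeFieldInfo hunk of this commit stores a caller-supplied pointer with `tp->field_name = info[i].field_name;`, so if such an entry can reach `tif->tif_fields` with a "Tag " name (the merge path is outside the hunks, so this is an inference), the library would free memory it does not own. At minimum I would state the ownership rule above the test, e.g. `/* only auto-defined fields (name starts with "Tag ") own fld and fld->field_name */`, assuming that is what the test is meant to express. The identical loop in _TIFFSetupFields has the same issue, and the enclosing function starts and ends outside the hunk.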
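Review bot: In the _TIFFSetupFields hunk the two `_TIFFfree` calls and the brace after them remain context lines, so they keep their old indentation although they now sit one level deeper under the new `if (fld->field_name != NULL) {`; in tif_close.c the same lines were re-added. Folding the guard into the existing condition avoids the extra nesting and matches the form this commit uses in tif_dirread.c and tif_print.c: `if (fld->field_name != NULL && fld->field_bit == FIELD_CUSTOM &&` followed by the unchanged `strncmp("Tag ", fld->field_name, 4) == 0) {`. Since this loop duplicates the one in TIFFCleanup, a shared internal helper would keep the two copies from drifting apart again.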
@@ -1115,6 +1117,11 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32_t n)
 tp->field_bit = info[i].field_bit;
 tp->field_oktochange = info[i].field_oktochange;
 tp->field_passcount = info[i].field_passcount;
+ if (info[i].field_name == NULL) {
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "Field_name of %d.th allocation tag %d is NULL", i, info[i].field_tag);
+ return -1;
+ }
 tp->field_name = info[i].field_name;
 tp->field_subfields = NULL;
 tp++;
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 14c031d1..2bbc4585 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -4531,7 +4531,7 @@ TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
 switch (dp->tdir_tag) {
 case EXIFTAG_SUBJECTDISTANCE:
- if( strncmp(fip->field_name, "Tag ", 4) != 0 ) {
+ if(fip->field_name != NULL && strncmp(fip->field_name, "Tag ", 4) != 0 ) {
 /* should only be called on a Exif directory */
 /* when exifFields[] is active */
 (void)TIFFFetchSubjectDistance(tif, dp);
diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
index db35e1c6..a071b124 100644
--- a/libtiff/tif_print.c
+++ b/libtiff/tif_print.c
@@ -81,7 +81,7 @@ _TIFFPrintField(FILE* fd, const TIFFField *fip,
 /* Print a user-friendly name for tags of relatively common use, but */
 /* which aren't registered by libtiff itself. */
 const char* field_name = fip->field_name;
- if( strncmp(fip->field_name, "Tag ", 4) == 0 ) {
+ if( fip->field_name != NULL && strncmp(fip->field_name, "Tag ", 4) == 0 ) {
 for( size_t i = 0; i < NTAGS; ++i ) {
 if( fip->field_tag == tagnames[i].tag ) {
 field_name = tagnames[i].name;
@@ -149,7 +149,7 @@ _TIFFPrettyPrintField(TIFF* tif, const TIFFField *fip, FILE* fd, uint32_t tag,
 (void) tif;
 /* do not try to pretty print auto-defined fields */
- if (strncmp(fip->field_name,"Tag ", 4) == 0) {
+ if (fip->field_name != NULL && strncmp(fip->field_name,"Tag ", 4) == 0) {
 return 0;
 }
-- 
cgit v1.2.1
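Review bot: The NULL check in TIFFMergeFieldInfo sits in the middle of the fill loop, after `tp->field_bit`, `tp->field_oktochange` and `tp->field_passcount` of entry `i` and every earlier entry have been written, so `return -1` leaves a partly filled array behind. Whatever was allocated or registered before the loop (outside the hunk) is not undone at this point. Checking every `info[i].field_name` in a pass ahead of the first write would make the failure all-or-nothing. The message also prints `i` and `info[i].field_tag` with `%d`; `n` is `uint32_t`, so if the index and the tag are unsigned 32-bit as well, `%u` or `"%" PRIu32` would match the arguments. The loop begins and ends outside the hunk.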
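Review bot: With the added guard in the `EXIFTAG_SUBJECTDISTANCE` case, a field whose `field_name` is NULL takes the same branch as an auto-generated "Tag " name, so `TIFFFetchSubjectDistance` is skipped for it. The tif_print.c hunks of this commit do the opposite and treat a NULL name like a regular named field. The existing comment explains only the Exif case; if skipping is the intent I would extend it, e.g. `/* a NULL or "Tag "-prefixed name means exifFields[] is not active for this tag */`. The `switch` continues outside the hunk, so the branch such a field falls into is not visible here.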
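Review bot: In _TIFFPrintField, `const char* field_name = fip->field_name;` still copies a possibly NULL pointer, and the new guard only skips the `tagnames` lookup, so the local stays NULL for such a field. If it is later passed to a `%s` conversion (the print call is outside the hunk), that is undefined behaviour. A fallback after the lookup block, `if (field_name == NULL) field_name = "(unnamed)";` (placeholder text), would close this. _TIFFPrettyPrintField in the next hunk now also continues past its check with a NULL name, and its remaining body is outside the hunk, so it deserves the same look.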