diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2017-05-06 15:08:52 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2017-05-06 15:08:52 +0000 |
| commit | 76eecdd5f4b2e841e3bd22f6a350a62c73c0cf19 (patch) | |
| tree | 5fc1ee3fa4e3df2d4420885a432ed07668c5da85 | |
| parent | ad9aeb831bb8a91ffbcfa7229cc8555b5c80bf74 (diff) | |
| download | pkgsrc-76eecdd5f4b2e841e3bd22f6a350a62c73c0cf19.tar.gz | |
Pullup ticket #5404 - requested by sevan
graphics/tiff: security fix
Revisions pulled up:
- graphics/tiff/Makefile 1.127-1.129
- graphics/tiff/distinfo 1.73-1.75
- graphics/tiff/patches/patch-libtiff_tif_dir.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_dirread.c 1.2
- graphics/tiff/patches/patch-libtiff_tif_dirwrite.c 1.1
- graphics/tiff/patches/patch-tools_tiffcp.c 1.2
- graphics/tiff/patches/patch-tools_tiffcrop.c 1.1-1.2
---
Module Name: pkgsrc
Committed By: he
Date: Fri May 5 19:16:58 UTC 2017
Modified Files:
pkgsrc/graphics/tiff: Makefile
Added Files:
pkgsrc/graphics/tiff/patches: patch-tools_tiffcrop.c
Log Message:
Apply fix from upstream to fix CVE-2016-10092, ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2620 and
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: he
Date: Fri May 5 19:28:23 UTC 2017
Modified Files:
pkgsrc/graphics/tiff: distinfo
Log Message:
Forgot "make mps", this one belongs to the previous update, 4.0.7nb3.
---
Module Name: pkgsrc
Committed By: he
Date: Fri May 5 20:06:03 UTC 2017
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
pkgsrc/graphics/tiff/patches: patch-tools_tiffcp.c
Log Message:
Apply fix for CVE-2016-10093
http://bugzilla.maptools.org/show_bug.cgi?id=2610
https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: sevan
Date: Fri May 5 20:14:05 UTC 2017
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
pkgsrc/graphics/tiff/patches: patch-libtiff_tif_dirread.c
patch-tools_tiffcrop.c
Added Files:
pkgsrc/graphics/tiff/patches: patch-libtiff_tif_dir.c
patch-libtiff_tif_dirwrite.c
Log Message:
CVE-2017-7596
CVE-2017-7597
CVE-2017-7599
CVE-2017-7600
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
Dependency for applying advisory patch.
+http://bugzilla.maptools.org/show_bug.cgi?id=2535
+https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
Bump rev.
| -rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
| -rw-r--r-- | graphics/tiff/distinfo | 9 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_dir.c | 63 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_dirread.c | 37 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_dirwrite.c | 192 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-tools_tiffcp.c | 35 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-tools_tiffcrop.c | 28 |
7 files changed, 358 insertions, 10 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 92b078f495d..26117c1e728 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.125.4.1 2017/05/06 15:01:21 bsiegert Exp $ +# $NetBSD: Makefile,v 1.125.4.2 2017/05/06 15:08:52 bsiegert Exp $ DISTNAME= tiff-4.0.7 -PKGREVISION= 2 +PKGREVISION= 5 CATEGORIES= graphics MASTER_SITES= ftp://download.osgeo.org/libtiff/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index bd12af6574a..430746e4e6b 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.71.4.1 2017/05/06 15:01:21 bsiegert Exp $ +$NetBSD: distinfo,v 1.71.4.2 2017/05/06 15:08:52 bsiegert Exp $ SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb @@ -6,7 +6,9 @@ SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981d Size (tiff-4.0.7.tar.gz) = 2076392 bytes SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d -SHA1 (patch-libtiff_tif_dirread.c) = 5c92e2c65a5d95f444f039955ee1afbafeccf5db +SHA1 (patch-libtiff_tif_dir.c) = 28c45b95cedeebe005b44b45393d66f61e0ea6f7 +SHA1 (patch-libtiff_tif_dirread.c) = 213b8c2f172303d095ef3edc3f850aa75de36d3d +SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6 SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939 @@ -15,4 +17,5 @@ SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f -SHA1 (patch-tools_tiffcp.c) = fa4846cfb5a52eedfb6dc4ed1306f45e3988ddc3 +SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651 +SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25 diff --git a/graphics/tiff/patches/patch-libtiff_tif_dir.c b/graphics/tiff/patches/patch-libtiff_tif_dir.c new file mode 100644 index 00000000000..7a674febaae --- /dev/null +++ b/graphics/tiff/patches/patch-libtiff_tif_dir.c @@ -0,0 +1,63 @@ +$NetBSD: patch-libtiff_tif_dir.c,v 1.1.2.2 2017/05/06 15:08:52 bsiegert Exp $ + +CVE-2017-7596 +CVE-2017-7597 +CVE-2017-7599 +CVE-2017-7600 +https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 + +--- libtiff/tif_dir.c.orig 2016-10-29 23:03:18.000000000 +0000 ++++ libtiff/tif_dir.c +@@ -31,6 +31,7 @@ + * (and also some miscellaneous stuff) + */ + #include "tiffiop.h" ++#include <float.h> + + /* + * These are used in the backwards compatibility code... +@@ -154,6 +155,15 @@ bad: + return (0); + } + ++static float TIFFClampDoubleToFloat( double val ) ++{ ++ if( val > FLT_MAX ) ++ return FLT_MAX; ++ if( val < -FLT_MAX ) ++ return -FLT_MAX; ++ return (float)val; ++} ++ + static int + _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) + { +@@ -312,13 +322,13 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va + dblval = va_arg(ap, double); + if( dblval < 0 ) + goto badvaluedouble; +- td->td_xresolution = (float) dblval; ++ td->td_xresolution = TIFFClampDoubleToFloat( dblval ); + break; + case TIFFTAG_YRESOLUTION: + dblval = va_arg(ap, double); + if( dblval < 0 ) + goto badvaluedouble; +- td->td_yresolution = (float) dblval; ++ td->td_yresolution = TIFFClampDoubleToFloat( dblval ); + break; + case TIFFTAG_PLANARCONFIG: + v = (uint16) va_arg(ap, uint16_vap); +@@ -327,10 +337,10 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va + td->td_planarconfig = (uint16) v; + break; + case TIFFTAG_XPOSITION: +- td->td_xposition = (float) va_arg(ap, double); ++ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); + break; + case TIFFTAG_YPOSITION: +- td->td_yposition = (float) va_arg(ap, double); ++ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); + break; + case TIFFTAG_RESOLUTIONUNIT: + v = (uint16) va_arg(ap, uint16_vap); diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirread.c b/graphics/tiff/patches/patch-libtiff_tif_dirread.c index 6b163e49885..81740d2e33e 100644 --- a/graphics/tiff/patches/patch-libtiff_tif_dirread.c +++ b/graphics/tiff/patches/patch-libtiff_tif_dirread.c @@ -1,11 +1,40 @@ -$NetBSD: patch-libtiff_tif_dirread.c,v 1.2.2.2 2017/05/06 15:01:21 bsiegert Exp $ +$NetBSD: patch-libtiff_tif_dirread.c,v 1.2.2.3 2017/05/06 15:08:52 bsiegert Exp $ +CVE-2017-7596 +CVE-2017-7597 CVE-2017-7598 +CVE-2017-7599 +CVE-2017-7600 https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 +https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 ---- libtiff/tif_dirread.c.orig 2016-11-18 02:42:46.000000000 +0000 +--- libtiff/tif_dirread.c.orig 2017-05-05 18:56:15.000000000 +0000 +++ libtiff/tif_dirread.c -@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFRead +@@ -40,6 +40,7 @@ + */ + + #include "tiffiop.h" ++#include <float.h> + + #define IGNORE 0 /* tag placeholder used below */ + #define FAILED_FII ((uint32) -1) +@@ -2406,7 +2407,14 @@ static enum TIFFReadDirEntryErr TIFFRead + ma=(double*)origdata; + mb=data; + for (n=0; n<count; n++) +- *mb++=(float)(*ma++); ++ { ++ double val = *ma++; ++ if( val > FLT_MAX ) ++ val = FLT_MAX; ++ else if( val < -FLT_MAX ) ++ val = -FLT_MAX; ++ *mb++=(float)val; ++ } + } + break; + } +@@ -2872,7 +2880,10 @@ static enum TIFFReadDirEntryErr TIFFRead m.l = direntry->tdir_offset.toff_long8; if (tif->tif_flags&TIFF_SWAB) TIFFSwabArrayOfLong(m.i,2); @@ -17,7 +46,7 @@ https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 *value=0.0; else *value=(double)m.i[0]/(double)m.i[1]; -@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFRead +@@ -2900,7 +2911,10 @@ static enum TIFFReadDirEntryErr TIFFRead m.l=direntry->tdir_offset.toff_long8; if (tif->tif_flags&TIFF_SWAB) TIFFSwabArrayOfLong(m.i,2); diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c b/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c new file mode 100644 index 00000000000..f1d59852631 --- /dev/null +++ b/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c @@ -0,0 +1,192 @@ +$NetBSD: patch-libtiff_tif_dirwrite.c,v 1.1.2.2 2017/05/06 15:08:52 bsiegert Exp $ + +Dependency for applying advisory patch below without creating a variant. +http://bugzilla.maptools.org/show_bug.cgi?id=2535 +https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d + +CVE-2017-7596 +CVE-2017-7597 +CVE-2017-7599 +CVE-2017-7600 +https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 + +--- libtiff/tif_dirwrite.c.orig 2017-05-05 18:56:07.000000000 +0000 ++++ libtiff/tif_dirwrite.c +@@ -30,6 +30,7 @@ + * Directory Write Support Routines. + */ + #include "tiffiop.h" ++#include <float.h> + + #ifdef HAVE_IEEEFP + #define TIFFCvtNativeToIEEEFloat(tif, n, fp) +@@ -939,6 +940,69 @@ bad: + return(0); + } + ++static float TIFFClampDoubleToFloat( double val ) ++{ ++ if( val > FLT_MAX ) ++ return FLT_MAX; ++ if( val < -FLT_MAX ) ++ return -FLT_MAX; ++ return (float)val; ++} ++ ++static int8 TIFFClampDoubleToInt8( double val ) ++{ ++ if( val > 127 ) ++ return 127; ++ if( val < -128 || val != val ) ++ return -128; ++ return (int8)val; ++} ++ ++static int16 TIFFClampDoubleToInt16( double val ) ++{ ++ if( val > 32767 ) ++ return 32767; ++ if( val < -32768 || val != val ) ++ return -32768; ++ return (int16)val; ++} ++ ++static int32 TIFFClampDoubleToInt32( double val ) ++{ ++ if( val > 0x7FFFFFFF ) ++ return 0x7FFFFFFF; ++ if( val < -0x7FFFFFFF-1 || val != val ) ++ return -0x7FFFFFFF-1; ++ return (int32)val; ++} ++ ++static uint8 TIFFClampDoubleToUInt8( double val ) ++{ ++ if( val < 0 ) ++ return 0; ++ if( val > 255 || val != val ) ++ return 255; ++ return (uint8)val; ++} ++ ++static uint16 TIFFClampDoubleToUInt16( double val ) ++{ ++ if( val < 0 ) ++ return 0; ++ if( val > 65535 || val != val ) ++ return 65535; ++ return (uint16)val; ++} ++ ++static uint32 TIFFClampDoubleToUInt32( double val ) ++{ ++ if( val < 0 ) ++ return 0; ++ if( val > 0xFFFFFFFFU || val != val ) ++ return 0xFFFFFFFFU; ++ return (uint32)val; ++} ++ + static int + TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value) + { +@@ -959,7 +1023,7 @@ TIFFWriteDirectoryTagSampleformatArray(T + if (tif->tif_dir.td_bitspersample<=32) + { + for (i = 0; i < count; ++i) +- ((float*)conv)[i] = (float)value[i]; ++ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]); + ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv); + } + else +@@ -971,19 +1035,19 @@ TIFFWriteDirectoryTagSampleformatArray(T + if (tif->tif_dir.td_bitspersample<=8) + { + for (i = 0; i < count; ++i) +- ((int8*)conv)[i] = (int8)value[i]; ++ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]); + ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv); + } + else if (tif->tif_dir.td_bitspersample<=16) + { + for (i = 0; i < count; ++i) +- ((int16*)conv)[i] = (int16)value[i]; ++ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]); + ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv); + } + else + { + for (i = 0; i < count; ++i) +- ((int32*)conv)[i] = (int32)value[i]; ++ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]); + ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv); + } + break; +@@ -991,19 +1055,19 @@ TIFFWriteDirectoryTagSampleformatArray(T + if (tif->tif_dir.td_bitspersample<=8) + { + for (i = 0; i < count; ++i) +- ((uint8*)conv)[i] = (uint8)value[i]; ++ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]); + ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv); + } + else if (tif->tif_dir.td_bitspersample<=16) + { + for (i = 0; i < count; ++i) +- ((uint16*)conv)[i] = (uint16)value[i]; ++ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]); + ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv); + } + else + { + for (i = 0; i < count; ++i) +- ((uint32*)conv)[i] = (uint32)value[i]; ++ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]); + ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv); + } + break; +@@ -2094,15 +2158,25 @@ TIFFWriteDirectoryTagCheckedSlong8Array( + static int + TIFFWriteDirectoryTagCheckedRational(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, double value) + { ++ static const char module[] = "TIFFWriteDirectoryTagCheckedRational"; + uint32 m[2]; +- assert(value>=0.0); + assert(sizeof(uint32)==4); +- if (value<=0.0) ++ if( value < 0 ) ++ { ++ TIFFErrorExt(tif->tif_clientdata,module,"Negative value is illegal"); ++ return 0; ++ } ++ else if( value != value ) ++ { ++ TIFFErrorExt(tif->tif_clientdata,module,"Not-a-number value is illegal"); ++ return 0; ++ } ++ else if (value==0.0) + { + m[0]=0; + m[1]=1; + } +- else if (value==(double)(uint32)value) ++ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value) + { + m[0]=(uint32)value; + m[1]=1; +@@ -2143,12 +2217,13 @@ TIFFWriteDirectoryTagCheckedRationalArra + } + for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++) + { +- if (*na<=0.0) ++ if (*na<=0.0 || *na != *na) + { + nb[0]=0; + nb[1]=1; + } +- else if (*na==(float)(uint32)(*na)) ++ else if (*na >= 0 && *na <= (float)0xFFFFFFFFU && ++ *na==(float)(uint32)(*na)) + { + nb[0]=(uint32)(*na); + nb[1]=1; diff --git a/graphics/tiff/patches/patch-tools_tiffcp.c b/graphics/tiff/patches/patch-tools_tiffcp.c index 2f655463779..b0ad6d718ab 100644 --- a/graphics/tiff/patches/patch-tools_tiffcp.c +++ b/graphics/tiff/patches/patch-tools_tiffcp.c @@ -1,10 +1,16 @@ -$NetBSD: patch-tools_tiffcp.c,v 1.2.2.2 2017/05/06 15:01:21 bsiegert Exp $ +$NetBSD: patch-tools_tiffcp.c,v 1.2.2.3 2017/05/06 15:08:52 bsiegert Exp $ CVE-2017-5225 http://bugzilla.maptools.org/show_bug.cgi?id=2656 http://bugzilla.maptools.org/show_bug.cgi?id=2657 https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 +and + +CVE-2016-10093 +http://bugzilla.maptools.org/show_bug.cgi?id=2610 +https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec + --- tools/tiffcp.c.orig 2016-10-12 01:45:17.000000000 +0000 +++ tools/tiffcp.c @@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF @@ -50,6 +56,33 @@ https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 inbuf = _TIFFmalloc(scanlinesizein); outbuf = _TIFFmalloc(scanlinesizeout); +@@ -1163,7 +1183,7 @@ bad: + + static void + cpStripToTile(uint8* out, uint8* in, +- uint32 rows, uint32 cols, int outskew, int inskew) ++ uint32 rows, uint32 cols, int outskew, int64 inskew) + { + while (rows-- > 0) { + uint32 j = cols; +@@ -1320,7 +1340,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe + tdata_t tilebuf; + uint32 imagew = TIFFScanlineSize(in); + uint32 tilew = TIFFTileRowSize(in); +- int iskew = imagew - tilew; ++ int64 iskew = (int64)imagew - (int64)tilew; + uint8* bufp = (uint8*) buf; + uint32 tw, tl; + uint32 row; +@@ -1348,7 +1368,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe + status = 0; + goto done; + } +- if (colb + tilew > imagew) { ++ if (colb > iskew) { + uint32 width = imagew - colb; + uint32 oskew = tilew - width; + cpStripToTile(bufp + colb, @@ -1763,7 +1783,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 uint32 w, l, tw, tl; int bychunk; diff --git a/graphics/tiff/patches/patch-tools_tiffcrop.c b/graphics/tiff/patches/patch-tools_tiffcrop.c new file mode 100644 index 00000000000..026b4659a6b --- /dev/null +++ b/graphics/tiff/patches/patch-tools_tiffcrop.c @@ -0,0 +1,28 @@ +$NetBSD$ + +CVE-2016-10092 +http://bugzilla.maptools.org/show_bug.cgi?id=2620 +https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a +Fix double free +http://bugzilla.maptools.org/show_bug.cgi?id=2535 +https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d + +--- tools/tiffcrop.c.orig 2016-11-19 01:45:30.000000000 +0000 ++++ tools/tiffcrop.c +@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T + (unsigned long) strip, (unsigned long)rows); + return 0; + } +- bufp += bytes_read; ++ bufp += stripsize; + } + + return 1; +@@ -7986,7 +7986,6 @@ writeCroppedImage(TIFF *in, TIFF *out, s + if (!TIFFWriteDirectory(out)) + { + TIFFError("","Failed to write IFD for page number %d", pagenum); +- TIFFClose(out); + return (-1); + } + |