From 5b4e4abe263a66aad143a07e098547697431a1e3 Mon Sep 17 00:00:00 2001
From: zhangpan <zp1224248514@163.com>
Date: Thu, 13 Jul 2023 02:05:46 +0000
Subject: [PATCH] fix CVE-2023-3576

---
 backport-CVE-2023-3576.patch | 33 +++++++++++++++++++++++++++++++++
 libtiff.spec                 |  6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-3576.patch

diff --git a/backport-CVE-2023-3576.patch b/backport-CVE-2023-3576.patch
new file mode 100644
index 0000000..395a88b
--- /dev/null
+++ b/backport-CVE-2023-3576.patch
@@ -0,0 +1,33 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+
+Reference:https://gitlab.com/libtiff/libtiff/-/merge_requests/475/diffs
+Conflict:NA
+
+---
+ tools/tiffcrop.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index d3e11ba25..24d0ca84f 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -8782,8 +8782,13 @@ static int createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ 
+     read_buff = *read_buff_ptr;
+ 
++    /* Memory is freed before crop_buff_ptr is overwritten */
++    if (*crop_buff_ptr != NULL)
++    {
++	_TIFFfree(*crop_buff_ptr);
++    }
++
+     /* process full image, no crop buffer needed */
+-    crop_buff = read_buff;
+     *crop_buff_ptr = read_buff;
+     crop->combined_width = image->width;
+     crop->combined_length = image->length;
+-- 
+GitLab
diff --git a/libtiff.spec b/libtiff.spec
index d2d1e65..b9a5cac 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.5.0
-Release:        7
+Release:        8
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -16,6 +16,7 @@ Patch6006:	backport-CVE-2023-3316.patch
 Patch6007:	backport-CVE-2023-25433.patch
 Patch6008:	backport-CVE-2023-26966.patch
 Patch6009:	backport-CVE-2023-2908.patch
+Patch6010:	backport-CVE-2023-3576.patch
 
 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig
@@ -135,6 +136,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_mandir}/man1/*
 
 %changelog
+* Thu Jul 13 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-8
+- fix CVE-2023-3576
+
 * Tue Jul 04 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-7
 - fix CVE-2023-25433 CVE-2023-26966 CVE-2023-2908