From d025f9ce238c1d563fc7c7ff50522fc94eca2e44 Mon Sep 17 00:00:00 2001
From: wubijie <wubijie@kylinos.cn>
Date: Tue, 5 Aug 2025 16:10:59 +0800
Subject: [PATCH] fix cve-2025-8534

(cherry picked from commit 18eaaa37e7204c5513d8020e376a1a67ee2507ea)
---
 backport-CVE-2025-8534.patch | 58 ++++++++++++++++++++++++++++++++++++
 libtiff.spec                 |  6 +++-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-8534.patch

diff --git a/backport-CVE-2025-8534.patch b/backport-CVE-2025-8534.patch
new file mode 100644
index 0000000..993a64c
--- /dev/null
+++ b/backport-CVE-2025-8534.patch
@@ -0,0 +1,58 @@
+From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 2 Aug 2025 18:55:54 +0200
+Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for
+ TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer
+ dereference.
+
+Closes #718
+---
+ tools/tiff2ps.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
+index 02158c31..9e163ab4 100644
+--- a/tools/tiff2ps.c
++++ b/tools/tiff2ps.c
+@@ -2434,12 +2434,22 @@ int PS_Lvl2page(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
+     if (tiled_image)
+     {
+         num_chunks = TIFFNumberOfTiles(tif);
+-        TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
++        if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
++        {
++            TIFFError(filename,
++                      "Can't read bytecounts of tiles at PS_Lvl2page()");
++            return (FALSE);
++        }
+     }
+     else
+     {
+         num_chunks = TIFFNumberOfStrips(tif);
+-        TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++        if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++        {
++            TIFFError(filename,
++                      "Can't read bytecounts of strips at PS_Lvl2page()");
++            return (FALSE);
++        }
+     }
+ 
+     if (use_rawdata)
+@@ -3108,7 +3118,11 @@ void PSRawDataBW(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
+     (void)w;
+     (void)h;
+     TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
+-    TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++    if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++    {
++        TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
++        return;
++    }
+ 
+     /*
+      * Find largest strip:
+-- 
+GitLab
+
+
diff --git a/libtiff.spec b/libtiff.spec
index 1fe5918..0e25495 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.7.0
-Release:        3
+Release:        4
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://libtiff.gitlab.io/libtiff/
@@ -9,6 +9,7 @@ Source0:        https://download.osgeo.org/libtiff/tiff-%{version}.tar.xz
 Patch6000:      backport-CVE-2025-8176.patch
 Patch6001:      backport-CVE-2025-8177.patch
 Patch6002:      backport-CVE-2024-13978.patch
+Patch6003:      backport-CVE-2025-8534.patch
 
 BuildRequires:  gcc gcc-c++
 BuildRequires:  zlib-devel
@@ -120,6 +121,9 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH %make_build check
 %doc TODO ChangeLog doc
 
 %changelog
+* Tue Aug 05 2025 wubijie <wubijie@kylinos.cn> - 4.7.0-4
+- fix CVE-2025-8534
+
 * Mon Aug 04 2025 lingsheng <lingsheng1@h-partners.com> - 4.7.0-3
 - fix CVE-2024-13978
 
-- 
Gitee