$NetBSD: patch-CVE-2022-22844,v 1.1 2022/03/25 08:36:37 nia Exp $

https://gitlab.com/libtiff/libtiff/-/issues/355

This fixes CVE-2022-22844.

--- tools/tiffset.c.orig	2021-03-07 11:39:11.000000000 +0000
+++ tools/tiffset.c
@@ -146,9 +146,19 @@ main(int argc, char* argv[])
 
             arg_index++;
             if (TIFFFieldDataType(fip) == TIFF_ASCII) {
-                if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
-                    fprintf( stderr, "Failed to set %s=%s\n",
-                             TIFFFieldName(fip), argv[arg_index] );
+                if(TIFFFieldPassCount( fip )) {
+                    size_t len;
+                    len = strlen(argv[arg_index]) + 1;
+                    if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
+                            (uint16_t)len, argv[arg_index]) != 1)
+                        fprintf( stderr, "Failed to set %s=%s\n",
+                            TIFFFieldName(fip), argv[arg_index] );
+                } else {
+                    if (TIFFSetField(tiff, TIFFFieldTag(fip),
+                            argv[arg_index]) != 1)
+                        fprintf( stderr, "Failed to set %s=%s\n",
+                            TIFFFieldName(fip), argv[arg_index] );
+                }
             } else if (TIFFFieldWriteCount(fip) > 0
 		       || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
                 int     ret = 1;
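Review bot: In the pass-count branch, the `len > UINT16_MAX` rejection prints the same `Failed to set %s=%s` message as a real TIFFSetField failure, so the user cannot tell that the value was refused for its length. Splitting the condition would make this visible, e.g. `if (len > UINT16_MAX) fprintf(stderr, "Value for %s is too long (%zu bytes)\n", TIFFFieldName(fip), len);` followed by `else if (TIFFSetField(tiff, TIFFFieldTag(fip), (uint16_t)len, argv[arg_index]) != 1)` with the existing message. The branch would also benefit from a short comment recording why the count is passed, such as `/* pass-count ASCII fields take the length, including the NUL, before the string */`, so the argument is not dropped in a later cleanup. The enclosing `main` starts and ends outside the hunk, so whether either failure affects the exit status cannot be seen here and is worth checking.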
