fix CVE-2022-0561_and_CVE-2022-0562

cmake/external_libs/libtiff.cmake

@@ -29,6 +29,7 @@ mindspore_add_pkg(tiff
         URL ${REQ_URL}
         MD5 ${MD5}
         CMAKE_OPTION -DCMAKE_BUILD_TYPE=Release -Djbig=OFF -Dlzma=OFF -Djpeg12=OFF -Dzstd=OFF -Dpixarlog=OFF
-        -Dold-jpeg=OFF -Dwebp=OFF -DBUILD_SHARED_LIBS=OFF -Dlibdeflate=OFF)
+        -Dold-jpeg=OFF -Dwebp=OFF -DBUILD_SHARED_LIBS=OFF -Dlibdeflate=OFF
+        PATCHES ${TOP_DIR}/third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001)
 message("tiff include = ${tiff_INC}")
 message("tiff lib = ${tiff_LIB}")

third_party/patch/libtiff/CVE-2022-0561_and_CVE-2022-0562.patch001

@@ -0,0 +1,25 @@
+diff -Npur libtiff-v4.2.0/libtiff/tif_dirread.c libtiff-v4.2.0-change/libtiff/tif_dirread.c
+--- libtiff-v4.2.0/libtiff/tif_dirread.c	2020-12-20 02:44:58.000000000 +0800
++++ libtiff-v4.2.0-change/libtiff/tif_dirread.c	2022-03-17 18:04:49.959583584 +0800
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+                     goto bad;
+                 }
+ 
+-                memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++				if (old_extrasamples > 0)
++                    memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+                 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+                 _TIFFfree(new_sampleinfo);
+         }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ 			_TIFFfree(data);
+ 			return(0);
+ 		}
+-                _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
+-                _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
++        if( dir->tdir_count )
++			_TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64));
++		_TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64));
+ 		_TIFFfree(data);
+ 		data=resizeddata;
+ 	}