tiff: backport upstream fix for CVE-2022-2867, CVE-2022-2868, CVE-2022-2869
Fixes upstream issue #352 (closed) where a buffer overflow was generated
by an uint underflow in tiffcrop.c computeInputPixelOffsets()
calculating (uint32_t)(0 - 1) around line 5210. In the following
tiffcrop tries to read pixels from the image at an offset far beyond the
file-/buffersize.
The main region checks in computeInputPixelOffsets() are now updated to
avoid uint underflow.
This update fixes also upstream issues #350 (closed) and #351 (closed).
Issue 350 is fixed by checking for not allowed zone input cases like -Z
0:0 in getCropOffsets().
Furthermore upstream issue #335 (moved) (closed) and #336 (closed) (closed) are also
fixed.
CVE: CVE-2022-2867, CVE-2022-2868, CVE-2022-2869
Signed-off-by: Ghassane Ben El Aattar ghassaneb.aattar@huawei.com