Blame SOURCES/exiv2-CVE-2021-37618.patch
|
 |
4e7124 |
From dbf472751fc8b87ea7d1de02f54eaf64233a2fb6 Mon Sep 17 00:00:00 2001
|
|
|
4e7124 |
From: Kevin Backhouse <kevinbackhouse@github.com>
|
|
|
4e7124 |
Date: Mon, 5 Jul 2021 10:40:03 +0100
|
|
|
4e7124 |
Subject: [PATCH 2/2] Better bounds checking in Jp2Image::printStructure
|
|
|
4e7124 |
|
|
|
4e7124 |
---
|
|
|
4e7124 |
src/jp2image.cpp | 2 ++
|
|
|
4e7124 |
1 file changed, 2 insertions(+)
|
|
|
4e7124 |
|
|
|
4e7124 |
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
|
|
|
4e7124 |
index 43c93d7..a8c37e8 100644
|
|
|
4e7124 |
--- a/src/jp2image.cpp
|
|
|
4e7124 |
+++ b/src/jp2image.cpp
|
|
|
4e7124 |
@@ -42,6 +42,7 @@ EXIV2_RCSID("@(#) $Id$")
|
|
|
4e7124 |
#include "futils.hpp"
|
|
|
4e7124 |
#include "types.hpp"
|
|
|
4e7124 |
#include "safe_op.hpp"
|
|
|
4e7124 |
+#include "enforce.hpp"
|
|
|
4e7124 |
|
|
|
4e7124 |
// + standard includes
|
|
|
4e7124 |
#include <string>
|
|
|
4e7124 |
@@ -511,6 +512,7 @@ namespace Exiv2
|
|
|
4e7124 |
if(subBox.type == kJp2BoxTypeColorHeader)
|
|
|
4e7124 |
{
|
|
|
4e7124 |
long pad = 3 ; // don't know why there are 3 padding bytes
|
|
|
4e7124 |
+ enforce(data.size_ >= pad, kerCorruptedMetadata);
|
|
|
4e7124 |
if ( bPrint ) {
|
|
|
4e7124 |
out << " | pad:" ;
|
|
|
4e7124 |
for ( int i = 0 ; i < 3 ; i++ ) out<< " " << (int) data.pData_[i];
|
|
|
4e7124 |
@@ -521,6 +523,7 @@ namespace Exiv2
|
|
|
4e7124 |
}
|
|
|
4e7124 |
|
|
|
4e7124 |
DataBuf icc(iccLength);
|
|
|
4e7124 |
+ enforce(iccLength <= data.size_ - pad, kerCorruptedMetadata);
|
|
|
4e7124 |
if ( bICC ) out.write((const char*)icc.pData_,icc.size_);
|
|
|
4e7124 |
}
|
|
|
4e7124 |
lf(out,bLF);
|