From 487f4136013d9fa3351b863e5f861463a1cbddcf Mon Sep 17 00:00:00 2001 From: Victor Rodriguez Date: Sat, 18 Aug 2018 13:54:55 +0000 Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. https://bugs.freedesktop.org/show_bug.cgi?id=106981 https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 Signed-off-by: Victor Rodriguez Signed-off-by: Hubert Figuière --- XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp index ffaf220..4fe705b 100644 --- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp +++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp @@ -160,9 +160,11 @@ bool VP8XChunk::xmp() } void VP8XChunk::xmp(bool hasXMP) { - XMP_Uns32 flags = GetLE32(&this->data[0]); - flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); - PutLE32(&this->data[0], flags); + if (&this->data[0] != NULL) { + XMP_Uns32 flags = GetLE32(&this->data[0]); + flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); + PutLE32(&this->data[0], flags); + } } Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler) -- 2.17.1