rpms / exiv2

Clone
Source Code
GIT

Blame SOURCES/exiv2-validation-of-size-and-offset-to-avoid-crash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   9d48aab9b72106d1767051b14b37476772e9b0bb
  2.   SOURCES
  3.   exiv2-validation-of-size-and-offset-to-avoid-crash.patch
Blob History Raw
9d48aa 
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
9d48aa 
index 29311fd..c0d9553 100644
9d48aa 
--- a/src/crwimage_int.cpp
9d48aa 
+++ b/src/crwimage_int.cpp
9d48aa 
@@ -268,6 +268,9 @@ namespace Exiv2 {
9d48aa 
 #ifdef EXIV2_DEBUG_MESSAGES
9d48aa 
         std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
9d48aa 
 #endif
9d48aa 
+        if (this->offset() + this->size() > size)
9d48aa 
+            throw Error(kerOffsetOutOfRange);
9d48aa 
+
9d48aa 
         readDirectory(pData + offset(), this->size(), byteOrder);
9d48aa 
 #ifdef EXIV2_DEBUG_MESSAGES
9d48aa 
         std::cout << "<---- 0x" << std::hex << tag() << "\n";

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation