rpms / exiv2

Clone
Source Code
GIT

Blame SOURCES/exiv2-validation-of-size-and-offset-to-avoid-crash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   exiv2-validation-of-size-and-offset-to-avoid-crash.patch
Blob History Raw
9b1eea 
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
9b1eea 
index 29311fd..c0d9553 100644
9b1eea 
--- a/src/crwimage_int.cpp
9b1eea 
+++ b/src/crwimage_int.cpp
9b1eea 
@@ -268,6 +268,9 @@ namespace Exiv2 {
9b1eea 
 #ifdef EXIV2_DEBUG_MESSAGES
9b1eea 
         std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
9b1eea 
 #endif
9b1eea 
+        if (this->offset() + this->size() > size)
9b1eea 
+            throw Error(kerOffsetOutOfRange);
9b1eea 
+
9b1eea 
         readDirectory(pData + offset(), this->size(), byteOrder);
9b1eea 
 #ifdef EXIV2_DEBUG_MESSAGES
9b1eea 
         std::cout << "<---- 0x" << std::hex << tag() << "\n";

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation