rev 20065 - kde-extras/exiv2/trunk/debian/patches
Maximiliano Curia
maxy at moszumanska.debian.org
Tue Aug 4 18:11:13 UTC 2015
Author: maxy
Date: 2015-08-04 18:11:13 +0000 (Tue, 04 Aug 2015)
New Revision: 20065
Added:
kde-extras/exiv2/trunk/debian/patches/CVE-2014-9449.patch
Log:
Incomplete integration
Added: kde-extras/exiv2/trunk/debian/patches/CVE-2014-9449.patch
===================================================================
--- kde-extras/exiv2/trunk/debian/patches/CVE-2014-9449.patch (rev 0)
+++ kde-extras/exiv2/trunk/debian/patches/CVE-2014-9449.patch 2015-08-04 18:11:13 UTC (rev 20065)
@@ -0,0 +1,41 @@
+From ed36a4692058f745a06d87bdaf107bc43c7d2359 Mon Sep 17 00:00:00 2001
+From: badola <badola at b7c8b350-86e7-0310-a4b4-de8f6a8f16a3>
+Date: Thu, 19 Jun 2014 20:28:44 +0000
+Subject: [PATCH] #960: Added a Buffer Overflow Fix in INFO tags of
+ RIFFVIDEO.CPP
+
+git-svn-id: svn://dev.exiv2.org/svn/trunk@3264 b7c8b350-86e7-0310-a4b4-de8f6a8f16a3
+---
+ src/riffvideo.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/riffvideo.cpp b/src/riffvideo.cpp
+index 4545bc3..0dcd291 100644
+--- a/src/riffvideo.cpp
++++ b/src/riffvideo.cpp
+@@ -856,7 +856,7 @@ namespace Exiv2 {
+
+ void RiffVideo::infoTagsHandler()
+ {
+- const long bufMinSize = 100;
++ const long bufMinSize = 10000;
+ DataBuf buf(bufMinSize);
+ buf.pData_[4] = '\0';
+ io_->seek(-12, BasicIo::cur);
+@@ -879,10 +879,14 @@ namespace Exiv2 {
+ if(infoSize >= 0) {
+ size -= infoSize;
+ io_->read(buf.pData_, infoSize);
++ if(infoSize < 4)
++ buf.pData_[infoSize] = '\0';
+ }
+
+ if(tv)
+ xmpData_[exvGettext(tv->label_)] = buf.pData_;
++ else
++ continue;
+ }
+ io_->seek(cur_pos + size_external, BasicIo::beg);
+ } // RiffVideo::infoTagsHandler
+--
+2.1.4
More information about the pkg-kde-commits
mailing list