[SCM] exiv2 packaging branch, master, updated. debian/0.25-3.1-3734-gdcbc29a
Maximiliano Curia
maxy at moszumanska.debian.org
Thu Jul 13 17:38:26 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=9bdd35f
The following commit has been merged in the master branch:
commit 9bdd35fa1412ec7070581d76210c1d3769d138cb
Author: Andreas Huggel <ahuggel at gmx.net>
Date: Mon Apr 30 15:57:23 2007 +0000
#513: Added check for size of IFD entries to prevent crash.
---
src/ifd.cpp | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/ifd.cpp b/src/ifd.cpp
index bc9d973..c743570 100644
--- a/src/ifd.cpp
+++ b/src/ifd.cpp
@@ -356,7 +356,21 @@ namespace Exiv2 {
pe.tag_ = getUShort(buf + o, byteOrder);
pe.type_ = getUShort(buf + o + 2, byteOrder);
pe.count_ = getULong(buf + o + 4, byteOrder);
- pe.size_ = pe.count_ * TypeInfo::typeSize(TypeId(pe.type_));
+ uint32_t ts = TypeInfo::typeSize(TypeId(pe.type_));
+ if (pe.count_ >= 0x10000000 && ts != 0) {
+ if (pe.count_ >= 0x80000000 / ts) {
+#ifndef SUPPRESS_WARNINGS
+ std::cerr << "Warning: "
+ << ExifTags::ifdName(ifdId_) << " tag 0x"
+ << std::setw(4) << std::setfill('0') << std::hex
+ << pe.tag_ << " has invalid size "
+ << std::dec << pe.count_ << "*" << ts
+ << "; truncating the data.
";
+#endif
+ pe.count_ = 0;
+ }
+ }
+ pe.size_ = pe.count_ * ts;
pe.offsetLoc_ = o + 8 - shift;
pe.offset_ = pe.size_ > 4 ? getLong(buf + o + 8, byteOrder) : 0;
preEntries.push_back(pe);
--
exiv2 packaging
More information about the pkg-kde-commits
mailing list