[SCM] exiv2 packaging branch, master, updated. debian/0.25-3.1-3734-gdcbc29a
Maximiliano Curia
maxy at moszumanska.debian.org
Thu Jul 13 17:43:22 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=9b7f1de
The following commit has been merged in the master branch:
commit 9b7f1de5c08b62e405c554eca9c44e864e0f48ab
Author: Andreas Huggel <ahuggel at gmx.net>
Date: Fri Aug 31 04:30:53 2012 +0000
#841: Do not read past the end of the data stream (file), added test case.
---
src/pngimage.cpp | 4 +++-
test/bugfixes-test.sh | 7 +++++++
test/data/bugfixes-test.out | Bin 106735 -> 106845 bytes
test/data/exiv2-bug841.png | Bin 0 -> 2585 bytes
4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index 3407371..b527901 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -118,6 +118,7 @@ namespace Exiv2 {
}
clearMetadata();
+ const long imgSize = io_->size();
DataBuf cheaderBuf(8); // Chunk header size : 4 bytes (data size) + 4 bytes (chunk type).
while(!io_->eof())
@@ -134,7 +135,8 @@ namespace Exiv2 {
// Decode chunk data length.
uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
- if (dataOffset > 0x7FFFFFFF) throw Exiv2::Error(14);
+ long pos = io_->tell();
+ if (pos == -1 || static_cast<long>(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
// Perform a chunk triage for item that we need.
diff --git a/test/bugfixes-test.sh b/test/bugfixes-test.sh
index 56cb285..c5fad4f 100755
--- a/test/bugfixes-test.sh
+++ b/test/bugfixes-test.sh
@@ -248,6 +248,13 @@ else
printf "($num skipped) " >&3
fi
+num=841
+filename=exiv2-bug$num.png
+printf "$num " >&3
+echo '------>' Bug $num '<-------' >&2
+cp -f ../data/$filename $filename
+$bin/exiv2 $filename
+
) 3>&1 > $results 2>&1
printf "
"
diff --git a/test/data/bugfixes-test.out b/test/data/bugfixes-test.out
index c78ecaf..29dbe32 100644
Binary files a/test/data/bugfixes-test.out and b/test/data/bugfixes-test.out differ
diff --git a/test/data/exiv2-bug841.png b/test/data/exiv2-bug841.png
new file mode 100644
index 0000000..0c09c65
Binary files /dev/null and b/test/data/exiv2-bug841.png differ
--
exiv2 packaging
More information about the pkg-kde-commits
mailing list