[SCM] exiv2 packaging branch, master, updated. debian/0.25-3.1-3734-gdcbc29a
Maximiliano Curia
maxy at moszumanska.debian.org
Thu Jul 13 17:44:13 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=4ac0369
The following commit has been merged in the master branch:
commit 4ac03695bd9a61333eb11f8b125df1a905974198
Author: Robin Mills <robin at clanmills.com>
Date: Sun Jul 13 23:32:16 2014 +0000
CID: 982065: Wrapper object use after free.
I've move AutoPtr m and CiffComponent* cc into the object (instead of the stack) and m_ and cc_.
This should ensure equal lifetime for m_ and cc_ and so the returned value of cc_ will be valid during recursion.
---
src/crwimage.cpp | 33 +++++++++++++++------------------
src/crwimage_int.hpp | 2 ++
2 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/src/crwimage.cpp b/src/crwimage.cpp
index ee6af50..06d2187 100644
--- a/src/crwimage.cpp
+++ b/src/crwimage.cpp
@@ -779,11 +779,11 @@ namespace Exiv2 {
CiffComponent* CiffDirectory::doFindComponent(uint16_t crwTagId,
uint16_t crwDir) const
{
- CiffComponent* cc = 0;
+ CiffComponent* cc = NULL;
const Components::const_iterator b = components_.begin();
const Components::const_iterator e = components_.end();
for (Components::const_iterator i = b; i != e; ++i) {
- cc = (*i)->findComponent(crwTagId, crwDir);
+ cc = (*i)->findComponent(crwTagId, crwDir);
if (cc) return cc;
}
return 0;
@@ -797,8 +797,7 @@ namespace Exiv2 {
assert(rootDirectory == 0x0000);
crwDirs.pop();
if (!pRootDir_) pRootDir_ = new CiffDirectory;
- CiffComponent* cc = pRootDir_->add(crwDirs, crwTagId);
- cc->setValue(buf);
+ if ( pRootDir_) pRootDir_->add(crwDirs, crwTagId)->setValue(buf);
} // CiffHeader::add
CiffComponent* CiffComponent::add(CrwDirs& crwDirs, uint16_t crwTagId)
@@ -825,8 +824,6 @@ namespace Exiv2 {
if not found, create it
set value
*/
- AutoPtr m;
- CiffComponent* cc = 0;
const Components::iterator b = components_.begin();
const Components::iterator e = components_.end();
@@ -836,35 +833,35 @@ namespace Exiv2 {
// Find the directory
for (Components::iterator i = b; i != e; ++i) {
if ((*i)->tag() == csd.crwDir_) {
- cc = *i;
+ cc_ = *i;
break;
}
}
- if (cc == 0) {
+ if (cc_ == 0) {
// Directory doesn't exist yet, add it
- m = AutoPtr(new CiffDirectory(csd.crwDir_, csd.parent_));
- cc = m.get();
- add(m);
+ m_ = AutoPtr(new CiffDirectory(csd.crwDir_, csd.parent_));
+ cc_ = m_.get();
+ add(m_);
}
// Recursive call to next lower level directory
- cc = cc->add(crwDirs, crwTagId);
+ cc_ = cc_->add(crwDirs, crwTagId);
}
else {
// Find the tag
for (Components::iterator i = b; i != e; ++i) {
if ((*i)->tagId() == crwTagId) {
- cc = *i;
+ cc_ = *i;
break;
}
}
- if (cc == 0) {
+ if (cc_ == 0) {
// Tag doesn't exist yet, add it
- m = AutoPtr(new CiffEntry(crwTagId, tag()));
- cc = m.get();
- add(m);
+ m_ = AutoPtr(new CiffEntry(crwTagId, tag()));
+ cc_ = m_.get();
+ add(m_);
}
}
- return cc;
+ return cc_;
} // CiffDirectory::doAdd
void CiffHeader::remove(uint16_t crwTagId, uint16_t crwDir)
diff --git a/src/crwimage_int.hpp b/src/crwimage_int.hpp
index 346b4d5..3e9f01a 100644
--- a/src/crwimage_int.hpp
+++ b/src/crwimage_int.hpp
@@ -426,6 +426,8 @@ namespace Exiv2 {
private:
// DATA
Components components_; //!< List of components in this dir
+ AutoPtr m_; // used by recursive doAdd
+ CiffComponent* cc_;
}; // class CiffDirectory
--
exiv2 packaging
More information about the pkg-kde-commits
mailing list