packages/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
exiv2/backport-CVE-2019-13109.patch

37 lines
1.0 KiB
Diff
Raw Normal View History

fix CVE-2019-13109
2020-04-28 18:01:48 +08:00
From 1fc5ef40b15735e1b02ec752ec535c19831aafa6 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kev@semmle.com>
Date: Thu, 25 Apr 2019 21:31:50 +0100
Subject: [PATCH] Avoid negative integer overflow when `iccOffset >
chunkLength`.
This fixes #790.
(cherry picked from commit 6fa2e31206127bd8bcac0269311f3775a8d6ea21)
---
src/pngimage.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index 49c8336..435dd3b 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -40,6 +40,7 @@ EXIV2_RCSID("@(#) $Id$")
#include "image_int.hpp"
#include "basicio.hpp"
#include "error.hpp"
+#include "enforce.hpp"
#include "futils.hpp"
#include "types.hpp"
@@ -480,6 +481,7 @@ namespace Exiv2 {
}
++iccOffset; // +1 = 'compressed' flag
+ enforce(iccOffset <= dataOffset, Exiv2::kerCorruptedMetadata);
zlibToDataBuf(cdataBuf.pData_ +iccOffset,dataOffset-iccOffset,iccProfile_);
#ifdef DEBUG
--
1.8.3.1
Reference in New Issue Copy Permalink