exiv2/CVE-2018-19107-CVE-2018-19108-1.patch

From 68966932510213b5656fcf433ab6d7e26f48e23b Mon Sep 17 00:00:00 2001
From: Luis Diaz Mas <piponazo@gmail.com>
Date: Sun, 4 Nov 2018 22:33:03 +0100
Subject: [PATCH] PSD: Use Safe::add for preventing overflows in PSD files

---
 src/psdimage.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/psdimage.cpp b/src/psdimage.cpp
index 02e0e87b0..a5a8d9fe9 100644
--- a/src/psdimage.cpp
+++ b/src/psdimage.cpp
@@ -33,6 +33,7 @@
 #include "basicio.hpp"
 #include "error.hpp"
 #include "futils.hpp"
+#include "safe_op.hpp"
 
 // + standard includes
 #include <string>
@@ -228,7 +229,8 @@ namespace Exiv2 {
             readResourceBlock(resourceId, resourceSize);
             resourceSize = (resourceSize + 1) & ~1;        // pad to even
             io_->seek(curOffset + resourceSize, BasicIo::beg);
-            resourcesLength -= (12 + resourceNameLength + resourceSize);
+            resourcesLength -= Safe::add(Safe::add(static_cast<uint32_t>(12), resourceNameLength),
+                                         resourceSize);
         }
 
     } // PsdImage::readMetadata
Package init 2019-09-30 10:38:30 -04:00			`From 68966932510213b5656fcf433ab6d7e26f48e23b Mon Sep 17 00:00:00 2001`
			`From: Luis Diaz Mas <piponazo@gmail.com>`
			`Date: Sun, 4 Nov 2018 22:33:03 +0100`
			`Subject: [PATCH] PSD: Use Safe::add for preventing overflows in PSD files`

			`---`
			`src/psdimage.cpp \| 4 +++-`
			`1 file changed, 3 insertions(+), 1 deletion(-)`

			`diff --git a/src/psdimage.cpp b/src/psdimage.cpp`
			`index 02e0e87b0..a5a8d9fe9 100644`
			`--- a/src/psdimage.cpp`
			`+++ b/src/psdimage.cpp`
			`@@ -33,6 +33,7 @@`
			`#include "basicio.hpp"`
			`#include "error.hpp"`
			`#include "futils.hpp"`
			`+#include "safe_op.hpp"`

			`// + standard includes`
			`#include <string>`
			`@@ -228,7 +229,8 @@ namespace Exiv2 {`
			`readResourceBlock(resourceId, resourceSize);`
			`resourceSize = (resourceSize + 1) & ~1; // pad to even`
			`io_->seek(curOffset + resourceSize, BasicIo::beg);`
			`- resourcesLength -= (12 + resourceNameLength + resourceSize);`
			`+ resourcesLength -= Safe::add(Safe::add(static_cast<uint32_t>(12), resourceNameLength),`
			`+ resourceSize);`
			`}`

			`} // PsdImage::readMetadata`