exiv2/CVE-2022-3755.patch

From 789ec5408f885709eef0a820416658b6e3882c0c Mon Sep 17 00:00:00 2001
From: qz_cx <wangqingzheng@kylinos.cn>
Date: Mon, 31 Oct 2022 15:13:45 +0800
Subject: [PATCH] Credit to
 OSS-Fuzz:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382

Avoid null pointer deref #2384
 Merged
kevinbackhouse merged 2 commits into Exiv2
---
 src/quicktimevideo.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
index 335d884..ef1a6e5 100644
--- a/src/quicktimevideo.cpp
+++ b/src/quicktimevideo.cpp
@@ -915,6 +915,7 @@ namespace Exiv2 {
             }
 
             else if(equalsQTimeTag(buf, "CMbo") || equalsQTimeTag(buf, "Cmbo")) {
+		enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);
                 io_->read(buf.pData_, 2);
                 buf.pData_[2] = '\0' ;
                 tv_internal = find(cameraByteOrderTags, Exiv2::toString( buf.pData_));
-- 
2.33.0