packages/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
exiv2/CVE-2018-17581.patch
dogsheng f8df7c48c6 Package init
2019-12-25 15:45:26 +08:00

42 lines
1.4 KiB
Diff
Raw Blame History

From b3d077dcaefb6747fff8204490f33eba5a144edb Mon Sep 17 00:00:00 2001
From: Robin Mills <robin@clanmills.com>
Date: Sat, 13 Oct 2018 11:38:56 +0200
Subject: [PATCH] Fix #460 by adding more checks in
CiffDirectory::readDirectory
---
src/crwimage.cpp | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/crwimage.cpp b/src/crwimage.cpp
index 0c04761..ebe1da7 100644
--- a/src/crwimage.cpp
+++ b/src/crwimage.cpp
@@ -451,16 +451,21 @@ namespace Exiv2 {
uint32_t size,
ByteOrder byteOrder)
{
+ if (size < 4)
+ throw Error(33);
uint32_t o = getULong(pData + size - 4, byteOrder);
- if (size < 2 || o > size-2) throw Error(33);
+ if ( o+2 > size )
+ throw Error(33);
uint16_t count = getUShort(pData + o, byteOrder);
#ifdef DEBUG
std::cout << "Directory at offset " << std::dec << o
<<", " << count << " entries \n";
#endif
o += 2;
+ if ( (o + (count * 10)) > size )
+ throw Error(33);
+
for (uint16_t i = 0; i < count; ++i) {
- if (size < 10 || o > size-10) throw Error(33);
uint16_t tag = getUShort(pData + o, byteOrder);
CiffComponent::AutoPtr m;
switch (CiffComponent::typeId(tag)) {
--
2.19.1
Reference in New Issue View Git Blame Copy Permalink