33 lines
923 B
Diff
33 lines
923 B
Diff
From b7c71f3ad0386cd7af3b73443c0615ada073f0d5 Mon Sep 17 00:00:00 2001
|
|
From: Luis Diaz Mas <piponazo@gmail.com>
|
|
Date: Mon, 5 Nov 2018 13:30:18 +0100
|
|
Subject: [PATCH] PSD: enforce Length of image resource section < file size
|
|
|
|
---
|
|
src/psdimage.cpp | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/psdimage.cpp b/src/psdimage.cpp
|
|
index a5a8d9fe9..8ed67544d 100644
|
|
--- a/src/psdimage.cpp
|
|
+++ b/src/psdimage.cpp
|
|
@@ -33,7 +33,9 @@
|
|
#include "basicio.hpp"
|
|
#include "error.hpp"
|
|
#include "futils.hpp"
|
|
+
|
|
#include "safe_op.hpp"
|
|
+#include "enforce.hpp"
|
|
|
|
// + standard includes
|
|
#include <string>
|
|
@@ -197,6 +199,8 @@ namespace Exiv2 {
|
|
throw Error(3, "Photoshop");
|
|
}
|
|
uint32_t resourcesLength = getULong(buf, bigEndian);
|
|
+ enforce(resourcesLength < io_->size(), Exiv2::kerCorruptedMetadata);
|
|
+
|
|
while (resourcesLength > 0)
|
|
{
|
|
if (io_->read(buf, 8) != 8)
|