SUSE:SLE-15-SP1:GA
File CVE-2020-18651.patch of Package exempi
From fdd4765a699f9700850098b43b9798b933acb32f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hubert=20Figui=C3=A8re?= <hub@figuiere.net> Date: Sun, 28 Jul 2019 10:15:19 -0400 Subject: [PATCH] Issue #13 - Fix a buffer a overflow in ID3 support https://gitlab.freedesktop.org/libopenraw/exempi/issues/13 --- XMPFiles/source/FormatSupport/ID3_Support.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/XMPFiles/source/FormatSupport/ID3_Support.cpp b/XMPFiles/source/FormatSupport/ID3_Support.cpp index 0bc4eb6..ee8bb0b 100644 --- a/XMPFiles/source/FormatSupport/ID3_Support.cpp +++ b/XMPFiles/source/FormatSupport/ID3_Support.cpp @@ -682,6 +682,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 /*majorVersion*/, XMP_Uns32 logicalID, std::string tmp ( this->content, this->contentSize ); bool bigEndian = true; // assume for now (if no BOM follows) + if (pos + 2 > this->contentSize) { + // No enough for the string + break; + } if ( GetUns16BE ( &this->content[pos] ) == 0xFEFF ) { pos += 2; bigEndian = true; @@ -699,6 +703,10 @@ bool ID3v2Frame::getFrameValue ( XMP_Uns8 /*majorVersion*/, XMP_Uns32 logicalID, { if ( commMode && (! advancePastCOMMDescriptor ( pos )) ) return false; // not a frame of interest! + if (pos + 4 > this->contentSize) { + // No enough for the string + break; + } if ( (GetUns32BE ( &this->content[pos]) & 0xFFFFFF00 ) == 0xEFBBBF00 ) { pos += 3; // swallow any BOM, just in case } -- 2.41.0
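Review bot: In the first hunk (@@ -682,6 +682,10 @@), the new guard leaves via `break`, and the visible lines do not show what getFrameValue then returns for a frame too short to hold the 2 bytes read by GetUns16BE. The context of the second hunk rejects a frame with `return false; // not a frame of interest!`, so the truncated case should state its outcome just as explicitly, either by returning false here or by a comment saying that falling out with an empty value is intended. The comment "No enough for the string" should read "Not enough bytes for the BOM check", since the 2 bytes being guarded are the ones GetUns16BE reads at `&this->content[pos]`, not the string itself. If pos and contentSize are unsigned, writing the test as a subtraction from contentSize after confirming pos <= contentSize avoids any wrap in `pos + 2`.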
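Review bot: In the second hunk (@@ -699,6 +703,10 @@), the guard `pos + 4 > this->contentSize` followed by `break` also abandons values that have 1 to 3 bytes left at pos, although the only thing needing 4 bytes is the GetUns32BE read used to probe for a BOM; the BOM itself is 3 bytes (`pos += 3`, mask 0xFFFFFF00). A short text value with no BOM is therefore dropped rather than returned. Consider bounding only the probe, for example by making the BOM test conditional on `pos + 4 <= this->contentSize` (or comparing the three bytes 0xEF 0xBB 0xBF individually under a 3-byte bound) and letting shorter content continue to the normal path. The placement after advancePastCOMMDescriptor ( pos ) is right, since the check has to see the advanced pos. As in the first hunk, the comment "No enough for the string" should say that the bytes are needed for the BOM check.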