Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
exiv2
0001-IptcData-printStructure-Remove-buffer-over...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-IptcData-printStructure-Remove-buffer-overrun.patch of Package exiv2
From f9b4f4669e2d181a22235bbd3f108b55542abbb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com> Date: Fri, 6 Jul 2018 11:39:45 +0200 Subject: [PATCH] [IptcData::printStructure] Remove buffer overrun The loop condition will perform a range check correctly, but it will always dereference bytes[i], even if i is too large and fails the second check. => move the bytes[i] == 0x1c check into a if, after the range check was successfull (cherry picked from commit b2c3b61abcdb8e1a904e7c3f8b9f683c1b0b5668) --- src/iptc.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/iptc.cpp b/src/iptc.cpp index 99f5ee5b..fc3df043 100644 --- a/src/iptc.cpp +++ b/src/iptc.cpp @@ -359,7 +359,10 @@ namespace Exiv2 { while ( i < size-3 && bytes[i] != 0x1c ) i++; depth++; out << Internal::indent(depth) << "Record | DataSet | Name | Length | Data" << std::endl; - while ( bytes[i] == 0x1c && i < size-3 ) { + while ( i < size-3 ) { + if (bytes[i] != 0x1c) { + break; + } char buff[100]; uint16_t record = bytes[i+1]; uint16_t dataset = bytes[i+2]; -- 2.25.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor