File CVE-2018-18915.patch of Package exiv2

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-18915.patch of Package exiv2

From 5dc530e2b049370859e80d8fcd562b0f6a3f6729 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
Date: Sun, 4 Nov 2018 18:44:38 +0100
Subject: [PATCH] Check in Image::printIFDStructure if seek and reads are OK

---
 src/image.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Index: exiv2-0.26/src/image.cpp
===================================================================
--- exiv2-0.26.orig/src/image.cpp
+++ exiv2-0.26/src/image.cpp
@@ -347,8 +347,11 @@ namespace Exiv2 {
 
         do {
             // Read top of directory
-            io.seek(start,BasicIo::beg);
-            io.read(dir.pData_, 2);
+            const int seekSuccess = !io.seek(start,BasicIo::beg);
+            const long bytesRead = io.read(dir.pData_, 2);
+            if (!seekSuccess || bytesRead == 0) {
+                throw Error(kerCorruptedMetadata);
+            }
             uint16_t   dirLength = byteSwap2(dir,0,bSwap);
 
             bool tooBig = dirLength > 500;

Places

File CVE-2018-18915.patch of Package exiv2

Places