Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
exiv2-0_26
CVE-2021-34334.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-34334.patch of Package exiv2-0_26
From 97c4880882d87aee77809b4b6e8fb4a5558e4ca2 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse <kevinbackhouse@github.com> Date: Tue, 6 Jul 2021 18:15:40 +0100 Subject: [PATCH] Extra checking to prevent the loop counter from wrapping around. Index: exiv2-0.26/src/crwimage.cpp =================================================================== --- exiv2-0.26.orig/src/crwimage.cpp +++ exiv2-0.26/src/crwimage.cpp @@ -35,6 +35,7 @@ EXIV2_RCSID("@(#) $Id$") #include "crwimage.hpp" #include "crwimage_int.hpp" #include "error.hpp" +#include "enforce.hpp" #include "futils.hpp" #include "value.hpp" #include "tags.hpp" @@ -1015,12 +1016,16 @@ namespace Exiv2 { assert(ifdId != ifdIdNotSet); std::string groupName(Internal::groupName(ifdId)); + const uint32_t component_size = ciffComponent.size(); + enforce(component_size % 2 == 0, kerCorruptedMetadata); + enforce(component_size/2 <= static_cast<uint32_t>(std::numeric_limits<uint16_t>::max()), kerCorruptedMetadata); + const uint16_t num_components = static_cast<uint16_t>(component_size/2); uint16_t c = 1; - while (uint32_t(c)*2 < ciffComponent.size()) { + while (c < num_components) { uint16_t n = 1; ExifKey key(c, groupName); UShortValue value; - if (ifdId == canonCsId && c == 23 && ciffComponent.size() > 50) n = 3; + if (ifdId == canonCsId && c == 23 && component_size >= 52) n = 3; value.read(ciffComponent.pData() + c*2, n*2, byteOrder); image.exifData().add(key, &value); if (ifdId == canonSiId && c == 21) aperture = value.toLong();
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor