diff options
Diffstat (limited to 'user/exiv2/CVE-2019-17402.patch')
| -rw-r--r-- | user/exiv2/CVE-2019-17402.patch | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/user/exiv2/CVE-2019-17402.patch b/user/exiv2/CVE-2019-17402.patch deleted file mode 100644 index f54b511b0..000000000 --- a/user/exiv2/CVE-2019-17402.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 683451567284005cd24e1ccb0a76ca401000968b Mon Sep 17 00:00:00 2001 -From: Jens Georg <mail@jensge.org> -Date: Sun, 6 Oct 2019 15:05:20 +0200 -Subject: [PATCH 1/2] crwimage: Check offset and size against total size - -Corrupted or specially crafted CRW images might exceed the overall -buffersize. - -Fixes #1019 ---- - src/crwimage_int.cpp | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp -index 2474baace..3315b86d7 100644 ---- a/src/crwimage_int.cpp -+++ b/src/crwimage_int.cpp -@@ -270,6 +270,9 @@ namespace Exiv2 { - #ifdef EXIV2_DEBUG_MESSAGES - std::cout << "Reading directory 0x" << std::hex << tag() << "\n"; - #endif -+ if (this->offset() + this->size() > size) -+ throw Error(kerOffsetOutOfRange); -+ - readDirectory(pData + offset(), this->size(), byteOrder); - #ifdef EXIV2_DEBUG_MESSAGES - std::cout << "<---- 0x" << std::hex << tag() << "\n"; - -From 73b874fb14d02578f876aa7dd404cf7c07b6dc4e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com> -Date: Mon, 7 Oct 2019 23:25:00 +0200 -Subject: [PATCH 2/2] [tests] Add regression test for #1019 - ---- - test/data/POC-file_issue_1019 | Bin 0 -> 10078 bytes - tests/bugfixes/github/test_issue_1019.py | 14 ++++++++++++++ - tests/suite.conf | 1 + - 3 files changed, 15 insertions(+) - create mode 100755 test/data/POC-file_issue_1019 - create mode 100644 tests/bugfixes/github/test_issue_1019.py - -diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py -new file mode 100644 -index 000000000..c2682f901 ---- /dev/null -+++ b/tests/bugfixes/github/test_issue_1019.py -@@ -0,0 +1,14 @@ -+from system_tests import CaseMeta, path -+ -+ -+class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta): -+ -+ filename = path("$data_path/POC-file_issue_1019") -+ commands = ["$exiv2 -pv $filename"] -+ stdout = [""] -+ stderr = [ -+ """$exiv2_exception_message $filename: -+$kerOffsetOutOfRange -+""" -+ ] -+ retval = [1] -diff --git a/tests/suite.conf b/tests/suite.conf -index 5b31930c1..dab7427b3 100644 ---- a/tests/suite.conf -+++ b/tests/suite.conf -@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension} - easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension} - - [variables] -+kerOffsetOutOfRange: Offset out of range - kerFailedToReadImageData: Failed to read image data - kerCorruptedMetadata: corrupted image metadata - kerInvalidMalloc: invalid memory allocation request |