File CVE-2019-13112.patch of Package exiv2.30965
Index: exiv2-0.23/src/pngchunk.cpp
===================================================================
--- exiv2-0.23.orig/src/pngchunk.cpp
+++ exiv2-0.23/src/pngchunk.cpp
@@ -626,6 +626,10 @@ namespace Exiv2 {
sp++;
length = (long) atol(sp);
+ const char* eot = (char*)text.pData_ + text.size_;
+ if (length < 0 || length > (eot - sp)/2) {
+ throw Error(14);
+ }
while (*sp != ' ' && *sp != '\n')
sp++;
