Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
exempi.6890
CVE-2017-18234.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-18234.patch of Package exempi.6890
diff --git a/exempi/exempi.cpp b/exempi/exempi.cpp index a57aba6..a4259dd 100644 --- a/exempi/exempi.cpp +++ b/exempi/exempi.cpp @@ -186,8 +186,8 @@ bool xmp_init() RESET_ERROR; try { // no need to initialize anything else. - // XMP SDK 5.1.2 needs this because it has been lobotomized of local text conversion - // the one that was done in Exempi with libiconv. + // XMP SDK 5.1.2 needs this because it has been stripped off local + // text conversion the one that was done in Exempi with libiconv. return SXMPFiles::Initialize(kXMPFiles_IgnoreLocalText); } catch(const XMP_Error & e) { diff --git a/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp b/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp index 316cea0..04b16bb 100644 --- a/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp +++ b/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp @@ -65,7 +65,7 @@ void TIFF_MemoryReader::SortIFD ( TweakedIFDInfo* thisIFD ) } else if ( thisTag == prevTag ) { // Duplicate tag, keep the 2nd copy, move the tail of the array up, prevTag is unchanged. - memcpy ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // AUDIT: Safe, moving tail forward, i >= 1. + memmove ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // may overlap -- Hub --tagCount; --i; // ! Don't move forward in the array, we've moved the unseen part up. @@ -81,7 +81,7 @@ void TIFF_MemoryReader::SortIFD ( TweakedIFDInfo* thisIFD ) // Out of order duplicate, move it to position j, move the tail of the array up. ifdEntries[j] = ifdEntries[i]; - memcpy ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // AUDIT: Safe, moving tail forward, i >= 1. + memmove ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // may overlap -- Hub --tagCount; --i; // ! Don't move forward in the array, we've moved the unseen part up. @@ -212,7 +212,11 @@ bool TIFF_MemoryReader::GetTag ( XMP_Uns8 ifd, XMP_Uns16 id, TagInfo* info ) con info->dataLen = thisTag->bytes; info->dataPtr = this->GetDataPtr ( thisTag ); - + // Here we know that if it is NULL, it is wrong. -- Hub + // GetDataPtr will return NULL in case of overflow. + if (info->dataPtr == NULL) { + return false; + } } return true; diff --git a/source/XMPFiles/FormatSupport/TIFF_Support.hpp b/source/XMPFiles/FormatSupport/TIFF_Support.hpp index 9af76c4..e3d9834 100644 --- a/source/XMPFiles/FormatSupport/TIFF_Support.hpp +++ b/source/XMPFiles/FormatSupport/TIFF_Support.hpp @@ -723,7 +723,17 @@ private: const TweakedIFDEntry* FindTagInIFD ( XMP_Uns8 ifd, XMP_Uns16 id ) const; const inline void* GetDataPtr ( const TweakedIFDEntry* tifdEntry ) const - { if ( tifdEntry->bytes <= 4 ) return &tifdEntry->dataOrPos; else return (this->tiffStream + tifdEntry->dataOrPos); }; + { + if ( tifdEntry->bytes <= 4 ) return &tifdEntry->dataOrPos; + else + { + XMP_Uns32 pos = tifdEntry->dataOrPos; + // Invalid file. + // The data is past the length of the TIFF. + if ( (pos + tifdEntry->bytes) > this->tiffLength ) return NULL; + return (this->tiffStream + pos); + } + }; static inline void NotAppropriate() { XMP_Throw ( "Not appropriate for TIFF_Reader", kXMPErr_InternalFailure ); };
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor