Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
exempi.6890
CVE-2018-7730.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-7730.patch of Package exempi.6890
References: e163667a06a9b656a047b0ec660b871f29a83c9f Mon Sep 17 00:00:00 2001 From: Karol Babioch <kbabioch@suse.de> Date: Wed Mar 14 15:11:19 CET 2018 Upstream: merged Subject: Fix for CVE-2018-7730 Backport from upstream. (bsc#1085295) --- source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) Index: exempi-2.2.2/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp =================================================================== --- exempi-2.2.2.orig/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp +++ exempi-2.2.2/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp @@ -291,6 +291,14 @@ void PSIR_FileWriter::ParseFileResources ioBuf.ptr += paddedLen; // Move to the data length. XMP_Uns32 dataLen = GetUns32BE(ioBuf.ptr); XMP_Uns32 dataTotal = ((dataLen + 1) & 0xFFFFFFFEUL); // Round up to an even total. + + // See bug https://bugs.freedesktop.org/show_bug.cgi?id=105204 + // If dataLen is 0xffffffff, then dataTotal might be 0 + // and therefor make the CheckFileSpace test pass. + if (dataTotal < dataLen) { + break; + } + ioBuf.ptr += 4; // Advance to the resource data. XMP_Int64 thisDataPos = ioBuf.filePos + (ioBuf.ptr - ioBuf.data);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor