File CVE-2021-37621.patch of Package exiv2.30966
From 191cd2690608f19335d82ed2be36c7ce8bdc60b9 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Tue, 13 Jul 2021 22:50:16 +0100
Subject: [PATCH] dirLength == 0 can cause an infinite loop.
---
src/image.cpp | 2 ++
1 file changed, 2 insertions(+)
Index: exiv2-0.26/src/image.cpp
===================================================================
--- exiv2-0.26.orig/src/image.cpp
+++ exiv2-0.26/src/image.cpp
@@ -33,6 +33,7 @@ EXIV2_RCSID("@(#) $Id$")
#include "image_int.hpp"
#include "error.hpp"
#include "futils.hpp"
+#include "enforce.hpp"
#include "cr2image.hpp"
#include "crwimage.hpp"
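Review bot: The added `#include "enforce.hpp"` relies on that header already existing in the exiv2-0.26 tree this patch applies to, and nothing here adds it, since the diffstat lists only src/image.cpp. If no earlier patch in the series provides it, the build breaks and the `enforce(dirLength > 0, kerCorruptedMetadata)` guard in the second hunk never ships, so the series order should state that dependency explicitly. The same applies to `kerCorruptedMetadata`, which the surrounding context already uses and so presumably comes from an earlier backport. A one-line note in the patch header naming the prerequisite patch would make the dependency visible to whoever reorders or drops patches later.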
@@ -353,6 +354,8 @@ namespace Exiv2 {
throw Error(kerCorruptedMetadata);
}
uint16_t dirLength = byteSwap2(dir,0,bSwap);
+ // Prevent infinite loops. (GHSA-m479-7frc-gqqg)
+ enforce(dirLength > 0, kerCorruptedMetadata);
bool tooBig = dirLength > 500;