File 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch of Package exiv2-0_26.26338
From 4e962f9b8ef1e90f1acc309db50207096c9a2a67 Mon Sep 17 00:00:00 2001
From: Luis Diaz Mas <piponazo@gmail.com>
Date: Sun, 4 Nov 2018 22:33:03 +0100
Subject: [PATCH 1/2] PSD: Use Safe::add for preventing overflows in PSD files
(cherry picked from commit 68966932510213b5656fcf433ab6d7e26f48e23b)
---
src/psdimage.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/psdimage.cpp b/src/psdimage.cpp
index 5f721c70..7c5beeff 100644
--- a/src/psdimage.cpp
+++ b/src/psdimage.cpp
@@ -38,6 +38,7 @@ EXIV2_RCSID("@(#) $Id$")
#include "basicio.hpp"
#include "error.hpp"
#include "futils.hpp"
+#include "safe_op.hpp"
// + standard includes
#include <string>
@@ -233,7 +234,8 @@ namespace Exiv2 {
readResourceBlock(resourceId, resourceSize);
resourceSize = (resourceSize + 1) & ~1; // pad to even
io_->seek(curOffset + resourceSize, BasicIo::beg);
- resourcesLength -= (12 + resourceNameLength + resourceSize);
+ resourcesLength -= Safe::add(Safe::add(static_cast<uint32_t>(12), resourceNameLength),
+ resourceSize);
}
} // PsdImage::readMetadata
--
2.25.1