File CVE-2021-32815.patch of Package exiv2.26842
From 0c17eb33c0a7fad1796ce23b8bbc32067f511aed Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 23 Jun 2021 22:39:31 +0100
Subject: [PATCH] Don't crash if s > size.
---
src/crwimage_int.cpp | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index 7b958c26..2db56b18 100644
--- a/src/crwimage.cpp
+++ b/src/crwimage.cpp
@@ -1246,9 +1246,10 @@ namespace Exiv2 {
for (ExifData::const_iterator i = b; i != e; ++i) {
if (i->ifdId() != ifdId) continue;
const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
- assert(s <= size);
- if (len < s) len = s;
- i->copy(buf.pData_ + i->tag()*2, byteOrder);
+ if (s <= size) {
+ if (len < s) len = s;
+ i->copy(buf.pData_ + i->tag()*2, byteOrder);
+ }
}
// Round the size to make it even.
buf.size_ = len + len%2;
--
2.38.0