Overview

File bug-771229_CVE-2012-2837.patch of Package libexif.648

Update of /cvsroot/libexif/libexif/libexif/olympus
In directory vz-cvs-4.sog:/tmp/cvs-serv19584/libexif/olympus

Modified Files:
	mnote-olympus-entry.c 
Log Message:
Fixed some possible division-by-zeros in Olympus-style makernotes
This fixes bug #3434545, a.k.a. CVE-2012-2837


Index: mnote-olympus-entry.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/olympus/mnote-olympus-entry.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -d -r1.54 -r1.55
--- libexif/olympus/mnote-olympus-entry.c	18 Apr 2011 23:46:33 -0000	1.54
+++ libexif/olymps/mnote-olympus-entry.c	12 Jul 2012 17:29:05 -0000	1.55
@@ -76,6 +76,9 @@
 	}                                                               \
 }
 
+#define R2L(n) ((n).denominator ? (long)(n).numerator/(n).denominator : 0L)
+#define R2D(n) ((n).denominator ? (double)(n).numerator/(n).denominator : 0.0)
+
 static const struct {
 	ExifTag tag;
 	ExifFormat fmt;
@@ -372,20 +375,20 @@
 		CF (entry->format, EXIF_FORMAT_RATIONAL, v, maxlen);
 		CC (entry->components, 4, v, maxlen);
 		vr = exif_get_rational (entry->data, entry->order);
-		r = (double)vr.numerator / vr.denominator;
+		r = R2D(vr);
 		vr = exif_get_rational (entry->data+8, entry->order);
-		b = (double)vr.numerator / vr.denominator;
+		b = R2D(vr);
 		snprintf (v, maxlen, _("Red Correction %f, blue Correction %f"), r,b);
 		break;
 	case MNOTE_NIKON_TAG_MANUALFOCUSDISTANCE:
 		CF (entry->format, EXIF_FORMAT_RATIONAL, v, maxlen);
 		CC (entry->components, 1, v, maxlen);
 		vr = exif_get_rational (entry->data, entry->order);
-		if (vr.numerator) {
-			r = (double)vr.numerator / vr.denominator;
-			snprintf (v, maxlen, _("%2.2f meters"), r);
-		} else {
+		if (!vr.numerator || !vr.denominator) {
 			strncpy (v, _("No manual focus selection"), maxlen);
+		} else {
+			r = R2D(vr);
+			snprintf (v, maxlen, _("%2.2f meters"), r);
 		}
 		break;
 	case MNOTE_NIKON_TAG_SENSORPIXELSIZE:
@@ -393,8 +396,8 @@
 		CC (entry->components, 2, v, maxlen);
 		vr = exif_get_rational (entry->data, entry->order);
 		vr2 = exif_get_rational (entry->data+8, entry->order);
-		r = (double)vr.numerator / vr.denominator;
-		b = (double)vr2.numerator / vr2.denominator;
+		r = R2D(vr);
+		b = R2D(vr2);
 		snprintf (v, maxlen, "%2.2f x %2.2f um", r, b);
 		break;
 	case MNOTE_NIKON_TAG_BRACKETING:
@@ -450,10 +453,10 @@
 		if (entry->format == EXIF_FORMAT_RATIONAL) {
 			CC (entry->components, 1, v, maxlen);
 			vr = exif_get_rational (entry->data, entry->order);
-			if (!vr.numerator) {
+			if (!vr.numerator || !vr.denominator) {
 				strncpy (v, _("None"), maxlen);
 			} else {
-				r = (double)vr.numerator / vr.denominator;
+				r = R2D(vr);
 				snprintf (v, maxlen, "%2.2f", r);
 			}
 			break;
@@ -568,13 +571,13 @@
 			double c,d;
 			unsigned long a,b;
 			vr = exif_get_rational (entry->data, entry->order);
-			a = vr.numerator / vr.denominator;
+			a = R2L(vr);
 			vr = exif_get_rational (entry->data+8, entry->order);
-			b = vr.numerator / vr.denominator;
+			b = R2L(vr);
 			vr = exif_get_rational (entry->data+16, entry->order);
-			c = (double)vr.numerator / vr.denominator;
+			c = R2D(vr);
 			vr = exif_get_rational (entry->data+24, entry->order);
-			d = (double)vr.numerator / vr.denominator;
+			d = R2D(vr);
 			snprintf (v, maxlen, "%ld-%ldmm 1:%3.1f - %3.1f",a,b,c,d);
 		}
 		break;
@@ -682,7 +685,7 @@
 		CF (entry->format, EXIF_FORMAT_RATIONAL, v, maxlen);
 		CC (entry->components, 1, v, maxlen);
 		vr = exif_get_rational (entry->data, entry->order);
-		if (vr.numerator == 0) {
+		if (!vr.numerator || !vr.denominator) {
 			strncpy (v, _("Unknown"), maxlen);
 		}
 		else {
@@ -793,7 +796,7 @@
 			if (!vr.denominator) {
 				strncpy (v, _("Infinite"), maxlen);
 			} else {
-				r = (double)vr.numerator / vr.denominator;
+				r = R2D(vr);
 				snprintf (v, maxlen, "%2.3f", r);
 			}
 			break;
@@ -803,7 +806,7 @@
 			if (!vsr.denominator) {
 				strncpy (v, _("Infinite"), maxlen);
 			} else {
-				r = (double)vsr.numerator / vsr.denominator;
+				r = R2D(vsr);
 				snprintf (v, maxlen, "%2.3f", r);
 			}
 			break;


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
libexif-cvs mailing list
libexif-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libexif-cvs
openSUSE Build Service is sponsored by
Places