File bug-771229_CVE-2012-2837.patch of Package libexif.648
Update of /cvsroot/libexif/libexif/libexif/olympus
In directory vz-cvs-4.sog:/tmp/cvs-serv19584/libexif/olympus
Modified Files:
mnote-olympus-entry.c
Log Message:
Fixed some possible divisions by zero in Olympus-style makernotes
This fixes bug #3434545, a.k.a. CVE-2012-2837
Index: mnote-olympus-entry.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/olympus/mnote-olympus-entry.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -d -r1.54 -r1.55
--- libexif/olympus/mnote-olympus-entry.c 18 Apr 2011 23:46:33 -0000 1.54
+++ libexif/olymps/mnote-olympus-entry.c 12 Jul 2012 17:29:05 -0000 1.55
@@ -76,6 +76,9 @@
} \
}
+#define R2L(n) ((n).denominator ? (long)(n).numerator/(n).denominator : 0L)
+#define R2D(n) ((n).denominator ? (double)(n).numerator/(n).denominator : 0.0)
+
static const struct {
ExifTag tag;
ExifFormat fmt;
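Review bot: R2L and R2D carry no comment, and their fallback is a policy worth stating: a zero denominator yields 0, which the white-balance and sensor-pixel-size cases further down then print as if it were a real measurement (`0.000000`, `0.00`). I would add `/* Rational to long/double; a zero denominator (malformed tag) yields 0 instead of dividing. The argument is expanded twice, so pass a plain variable. */` above the two macros. In R2L the cast binds to the numerator only; if that field is a 32-bit unsigned value, which the `unsigned long a,b` caller later in the patch suggests but this hunk does not show, a numerator above LONG_MAX does not fit where `long` is 32 bits, and an `(unsigned long)` cast would match that caller better.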
@@ -372,20 +375,20 @@
CF (entry->format, EXIF_FORMAT_RATIONAL, v, maxlen);
CC (entry->components, 4, v, maxlen);
vr = exif_get_rational (entry->data, entry->order);
- r = (double)vr.numerator / vr.denominator;
+ r = R2D(vr);
vr = exif_get_rational (entry->data+8, entry->order);
- b = (double)vr.numerator / vr.denominator;
+ b = R2D(vr);
snprintf (v, maxlen, _("Red Correction %f, blue Correction %f"), r,b);
break;
case MNOTE_NIKON_TAG_MANUALFOCUSDISTANCE:
CF (entry->format, EXIF_FORMAT_RATIONAL, v, maxlen);
CC (entry->components, 1, v, maxlen);
vr = exif_get_rational (entry->data, entry->order);
- if (vr.numerator) {
- r = (double)vr.numerator / vr.denominator;
- snprintf (v, maxlen, _("%2.2f meters"), r);
- } else {
+ if (!vr.numerator || !vr.denominator) {
strncpy (v, _("No manual focus selection"), maxlen);
+ } else {
+ r = R2D(vr);
+ snprintf (v, maxlen, _("%2.2f meters"), r);
}
break;
case MNOTE_NIKON_TAG_SENSORPIXELSIZE:
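Review bot: The `strncpy (v, _("No manual focus selection"), maxlen);` call in the rewritten branch leaves `v` unterminated whenever the translated string is at least `maxlen` bytes long, unless the function zero-fills `v` and reserves a byte before the switch, which this hunk does not show. `snprintf (v, maxlen, "%s", _("No manual focus selection"));` terminates in every case and matches the snprintf calls next to it. The same pattern appears in the later hunks for the "None", "Unknown" and both "Infinite" strings. The enclosing switch starts and ends outside the hunk.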
@@ -393,8 +396,8 @@
CC (entry->components, 2, v, maxlen);
vr = exif_get_rational (entry->data, entry->order);
vr2 = exif_get_rational (entry->data+8, entry->order);
- r = (double)vr.numerator / vr.denominator;
- b = (double)vr2.numerator / vr2.denominator;
+ r = R2D(vr);
+ b = R2D(vr2);
snprintf (v, maxlen, "%2.2f x %2.2f um", r, b);
break;
case MNOTE_NIKON_TAG_BRACKETING:
@@ -450,10 +453,10 @@
if (entry->format == EXIF_FORMAT_RATIONAL) {
CC (entry->components, 1, v, maxlen);
vr = exif_get_rational (entry->data, entry->order);
- if (!vr.numerator) {
+ if (!vr.numerator || !vr.denominator) {
strncpy (v, _("None"), maxlen);
} else {
- r = (double)vr.numerator / vr.denominator;
+ r = R2D(vr);
snprintf (v, maxlen, "%2.2f", r);
}
break;
@@ -568,13 +571,13 @@
double c,d;
unsigned long a,b;
vr = exif_get_rational (entry->data, entry->order);
- a = vr.numerator / vr.denominator;
+ a = R2L(vr);
vr = exif_get_rational (entry->data+8, entry->order);
- b = vr.numerator / vr.denominator;
+ b = R2L(vr);
vr = exif_get_rational (entry->data+16, entry->order);
- c = (double)vr.numerator / vr.denominator;
+ c = R2D(vr);
vr = exif_get_rational (entry->data+24, entry->order);
- d = (double)vr.numerator / vr.denominator;
+ d = R2D(vr);
snprintf (v, maxlen, "%ld-%ldmm 1:%3.1f - %3.1f",a,b,c,d);
}
break;
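Review bot: `a` and `b` are declared `unsigned long` but are printed with `%ld` in the snprintf that closes this block, and R2L now hands them a `long`, so the specifiers do not match the arguments and a large quotient can be shown as negative. The line should read `snprintf (v, maxlen, "%lu-%lumm 1:%3.1f - %3.1f",a,b,c,d);`. The four reads at `entry->data`, `+8`, `+16` and `+24` require the entry to hold four rationals; the format and component checks for this case are presumably above the hunk, so confirm they are present before relying on these offsets.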
@@ -682,7 +685,7 @@
CF (entry->format, EXIF_FORMAT_RATIONAL, v, maxlen);
CC (entry->components, 1, v, maxlen);
vr = exif_get_rational (entry->data, entry->order);
- if (vr.numerator == 0) {
+ if (!vr.numerator || !vr.denominator) {
strncpy (v, _("Unknown"), maxlen);
}
else {
@@ -793,7 +796,7 @@
if (!vr.denominator) {
strncpy (v, _("Infinite"), maxlen);
} else {
- r = (double)vr.numerator / vr.denominator;
+ r = R2D(vr);
snprintf (v, maxlen, "%2.3f", r);
}
break;
@@ -803,7 +806,7 @@
if (!vsr.denominator) {
strncpy (v, _("Infinite"), maxlen);
} else {
- r = (double)vsr.numerator / vsr.denominator;
+ r = R2D(vsr);
snprintf (v, maxlen, "%2.3f", r);
}
break;