File CVE-2016-3822.patch of Package jhead.9036

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-3822.patch of Package jhead.9036

From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat, 3 Feb 2018 10:21:36 +0100
Subject: Fix possible out of bounds access

Bug-Debian: http://bugs.debian.org/858213
Origin: https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b

---
 exif.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/exif.c b/exif.c
index 3b36819..bcde6c8 100644
--- a/exif.c
+++ b/exif.c
@@ -9,6 +9,7 @@
 #include "jhead.h"
 
 #include <math.h>
+#include <stdint.h>
 
 static unsigned char * DirWithThumbnailPtrs;
 static double FocalplaneXRes;
@@ -527,7 +528,7 @@ static void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
             unsigned OffsetVal;
             OffsetVal = Get32u(DirEntry+8);
             // If its bigger than 4 bytes, the dir entry contains an offset.
-            if (OffsetVal+ByteCount > ExifLength){
+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
                 // Bogus pointer offset and / or bytecount value
                 ErrNonfatal("Illegal value pointer for tag %04x in Exif", Tag,0);
                 continue;

Places

File CVE-2016-3822.patch of Package jhead.9036

Places