Overview

File CVE-2018-17088.patch of Package jhead

Index: jhead-3.00/gpsinfo.c
===================================================================
--- jhead-3.00.orig/gpsinfo.c
+++ jhead-3.00/gpsinfo.c
@@ -6,6 +6,7 @@
 #include "jhead.h"
 
 #define MAX_GPS_TAG 0x1e
+#include <stdint.h>
 
 
 #define TAG_GPS_LAT_REF    1
@@ -101,7 +102,7 @@ void ProcessGpsInfo(unsigned char * DirS
             unsigned OffsetVal;
             OffsetVal = Get32u(DirEntry+8);
             // If its bigger than 4 bytes, the dir entry contains an offset.
-            if (OffsetVal+ByteCount > ExifLength){
+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
                 // Bogus pointer offset and / or bytecount value
                 ErrNonfatal("Illegal value pointer for Exif gps tag %04x", Tag,0);
                 continue;
Index: jhead-3.00/makernote.c
===================================================================
--- jhead-3.00.orig/makernote.c
+++ jhead-3.00/makernote.c
@@ -5,6 +5,7 @@
 #include "jhead.h"
 
 extern int MotorolaOrder;
+#include <stdint.h>
 
 //--------------------------------------------------------------------------
 // Process exif format directory, as used by Cannon maker note
@@ -64,7 +65,7 @@ static void ProcessCanonMakerNoteDir(uns
             unsigned OffsetVal;
             OffsetVal = Get32u(DirEntry+8);
             // If its bigger than 4 bytes, the dir entry contains an offset.
-            if (OffsetVal+ByteCount > ExifLength){
+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
                 // Bogus pointer offset and / or bytecount value
                 ErrNonfatal("Illegal value pointer for Exif maker tag %04x", Tag,0);
                 continue;
openSUSE Build Service is sponsored by
Places