Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
exiv2-0_26.26338
CVE-2021-31292.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-31292.patch of Package exiv2-0_26.26338
From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse <kevinbackhouse@github.com> Date: Fri, 9 Apr 2021 13:37:48 +0100 Subject: [PATCH] Fix integer overflow. --- src/crwimage.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/crwimage.cpp b/src/crwimage.cpp index ca79aa7..cd6200c 100644 --- a/src/crwimage.cpp +++ b/src/crwimage.cpp @@ -1326,7 +1326,11 @@ namespace Exiv2 { pCrwMapping->crwDir_); if (edX != edEnd || edY != edEnd || edO != edEnd) { uint32_t size = 28; - if (cc && cc->size() > size) size = cc->size(); + if (cc) { + if (cc->size() < size) + throw Error(kerCorruptedMetadata); + size = cc->size(); + } DataBuf buf(size); std::memset(buf.pData_, 0x0, buf.size_); if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
