File CVE-2018-7730.patch of Package exempi.openSUSE_Leap_42.3_Update

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-7730.patch of Package exempi.openSUSE_Leap_42.3_Update

References: e163667a06a9b656a047b0ec660b871f29a83c9f Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabioch@suse.de>
Date: Wed Mar 14 15:11:19 CET 2018
Upstream: merged
Subject: Fix for CVE-2018-7730

Backport from upstream. (bsc#1085295)

---
 source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp |    8 ++++++++
 1 file changed, 8 insertions(+)

Index: exempi-2.2.2/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp
===================================================================
--- exempi-2.2.2.orig/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp
+++ exempi-2.2.2/source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp
@@ -291,6 +291,14 @@ void PSIR_FileWriter::ParseFileResources
 		ioBuf.ptr += paddedLen;	// Move to the data length.
 		XMP_Uns32 dataLen   = GetUns32BE(ioBuf.ptr);
 		XMP_Uns32 dataTotal = ((dataLen + 1) & 0xFFFFFFFEUL);	// Round up to an even total.
+
+		// See bug https://bugs.freedesktop.org/show_bug.cgi?id=105204
+		// If dataLen is 0xffffffff, then dataTotal might be 0
+		// and therefor make the CheckFileSpace test pass.
+		if (dataTotal < dataLen) {
+			break;
+		}
+
 		ioBuf.ptr += 4;	// Advance to the resource data.
 
 		XMP_Int64 thisDataPos = ioBuf.filePos + (ioBuf.ptr - ioBuf.data);

Places

File CVE-2018-7730.patch of Package exempi.openSUSE_Leap_42.3_Update

Places