Diffstat (limited to 'main/exiv2/CVE-2019-17402.patch')
-rw-r--r-- | main/exiv2/CVE-2019-17402.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/main/exiv2/CVE-2019-17402.patch b/main/exiv2/CVE-2019-17402.patch
new file mode 100644
index 0000000000..45451442d5
--- /dev/null
+++ b/main/exiv2/CVE-2019-17402.patch
@@ -0,0 +1,49 @@
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 29311fd..c0d9553 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -268,6 +268,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++ if (this->offset() + this->size() > size)
++ throw Error(kerOffsetOutOfRange);
++
+ readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "<---- 0x" << std::hex << tag() << "\n";
+diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
+new file mode 100755
+index 0000000..e69de29
+diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
+new file mode 100644
+index 0000000..c2682f9
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_1019.py
+@@ -0,0 +1,14 @@
++from system_tests import CaseMeta, path
++
++
++class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
++
++ filename = path("$data_path/POC-file_issue_1019")
++ commands = ["$exiv2 -pv $filename"]
++ stdout = [""]
++ stderr = [
++ """$exiv2_exception_message $filename:
++$kerOffsetOutOfRange
++"""
++ ]
++ retval = [1]
+diff --git a/tests/suite.conf b/tests/suite.conf
+index 5b31930..dab7427 100644
+--- a/tests/suite.conf
++++ b/tests/suite.conf
+@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
+ easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
+
+ [variables]
++kerOffsetOutOfRange: Offset out of range
+ kerFailedToReadImageData: Failed to read image data
+ kerCorruptedMetadata: corrupted image metadata
+ kerInvalidMalloc: invalid memory allocation request |
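Review bot: The added guard `if (this->offset() + this->size() > size)` in src/crwimage_int.cpp compares only after an addition, so if offset() and size() return 32-bit unsigned values taken from the file (their types are not visible in this hunk), the sum can wrap and pass the check before `readDirectory(pData + offset(), this->size(), byteOrder)` runs. A form that cannot wrap is `if (this->offset() > size || this->size() > size - this->offset()) throw Error(kerOffsetOutOfRange);`. Separately, the `test/data/POC-file_issue_1019` entry has `index 0000000..e69de29` and no content, which looks like an empty file, so the bundled regression test would probably not reach the over-read if it were run from this patch. The enclosing function starts and ends outside the inner hunk.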