1 files changed, 49 insertions, 0 deletions

diff --git a/main/exiv2/CVE-2019-17402.patch b/main/exiv2/CVE-2019-17402.patch
new file mode 100644
index 0000000000..45451442d5
--- /dev/null
+++ b/main/exiv2/CVE-2019-17402.patch
@@ -0,0 +1,49 @@
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 29311fd..c0d9553 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -268,6 +268,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+         std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++        if (this->offset() + this->size() > size)
++            throw Error(kerOffsetOutOfRange);
++
+         readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+         std::cout << "<---- 0x" << std::hex << tag() << "\n";
+diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
+new file mode 100755
+index 0000000..e69de29
+diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
+new file mode 100644
+index 0000000..c2682f9
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_1019.py
+@@ -0,0 +1,14 @@
++from system_tests import CaseMeta, path
++
++
++class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
++
++    filename = path("$data_path/POC-file_issue_1019")
++    commands = ["$exiv2 -pv $filename"]
++    stdout = [""]
++    stderr = [
++        """$exiv2_exception_message $filename:
++$kerOffsetOutOfRange
++"""
++    ]
++    retval = [1]
+diff --git a/tests/suite.conf b/tests/suite.conf
+index 5b31930..dab7427 100644
+--- a/tests/suite.conf
++++ b/tests/suite.conf
+@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
+ easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
+ 
+ [variables]
++kerOffsetOutOfRange: Offset out of range
+ kerFailedToReadImageData: Failed to read image data
+ kerCorruptedMetadata: corrupted image metadata
+ kerInvalidMalloc: invalid memory allocation request