summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFabian Affolter <fabian@affolter-engineering.ch>2015-01-23 15:06:05 +0000
committerFabian Affolter <fabian@affolter-engineering.ch>2015-03-11 14:33:14 +0000
commit55a409eb486ade654cef90cc060689b462643c6c (patch)
tree2f68757420b771cbf4e3c84cd11141ff93659432
parentb7b18fc0ecc10a20b3363498cf83ffd3c0e34f87 (diff)
downloadaports-55a409eb486ade654cef90cc060689b462643c6c.tar.bz2
aports-55a409eb486ade654cef90cc060689b462643c6c.tar.xz
main/exiv2: add patch to fix CVE-2014-9449
-rw-r--r--main/exiv2/exiv2-0.24-CVE-2014-9449.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/main/exiv2/exiv2-0.24-CVE-2014-9449.patch b/main/exiv2/exiv2-0.24-CVE-2014-9449.patch
new file mode 100644
index 000000000..cf1b46fbf
--- /dev/null
+++ b/main/exiv2/exiv2-0.24-CVE-2014-9449.patch
@@ -0,0 +1,27 @@
+diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
+--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600
++++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600
+@@ -856,7 +856,7 @@ namespace Exiv2 {
+
+ void RiffVideo::infoTagsHandler()
+ {
+- const long bufMinSize = 100;
++ const long bufMinSize = 10000;
+ DataBuf buf(bufMinSize);
+ buf.pData_[4] = '\0';
+ io_->seek(-12, BasicIo::cur);
+@@ -879,10 +879,14 @@ namespace Exiv2 {
+ if(infoSize >= 0) {
+ size -= infoSize;
+ io_->read(buf.pData_, infoSize);
++ if(infoSize < 4)
++ buf.pData_[infoSize] = '\0';
+ }
+
+ if(tv)
+ xmpData_[exvGettext(tv->label_)] = buf.pData_;
++ else
++ continue;
+ }
+ io_->seek(cur_pos + size_external, BasicIo::beg);
+ } // RiffVideo::infoTagsHandler