blob: cf1b46fbf69c6b6601d0e649a6dbcf0e5e106397 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600
+++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600
@@ -856,7 +856,7 @@ namespace Exiv2 {
void RiffVideo::infoTagsHandler()
{
- const long bufMinSize = 100;
+ const long bufMinSize = 10000;
DataBuf buf(bufMinSize);
buf.pData_[4] = '\0';
io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@ namespace Exiv2 {
if(infoSize >= 0) {
size -= infoSize;
io_->read(buf.pData_, infoSize);
+ if(infoSize < 4)
+ buf.pData_[infoSize] = '\0';
}
if(tv)
xmpData_[exvGettext(tv->label_)] = buf.pData_;
+ else
+ continue;
}
io_->seek(cur_pos + size_external, BasicIo::beg);
} // RiffVideo::infoTagsHandler
|
