aboutsummaryrefslogtreecommitdiffstats
path: root/community/exiv2/CVE-2019-17402.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/exiv2/CVE-2019-17402.patch')
-rw-r--r--community/exiv2/CVE-2019-17402.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/community/exiv2/CVE-2019-17402.patch b/community/exiv2/CVE-2019-17402.patch
new file mode 100644
index 0000000000..45451442d5
--- /dev/null
+++ b/community/exiv2/CVE-2019-17402.patch
@@ -0,0 +1,49 @@
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 29311fd..c0d9553 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -268,6 +268,9 @@ namespace Exiv2 {
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
+ #endif
++ if (this->offset() + this->size() > size)
++ throw Error(kerOffsetOutOfRange);
++
+ readDirectory(pData + offset(), this->size(), byteOrder);
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "<---- 0x" << std::hex << tag() << "\n";
+diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
+new file mode 100755
+index 0000000..e69de29
+diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
+new file mode 100644
+index 0000000..c2682f9
+--- /dev/null
++++ b/tests/bugfixes/github/test_issue_1019.py
+@@ -0,0 +1,14 @@
++from system_tests import CaseMeta, path
++
++
++class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
++
++ filename = path("$data_path/POC-file_issue_1019")
++ commands = ["$exiv2 -pv $filename"]
++ stdout = [""]
++ stderr = [
++ """$exiv2_exception_message $filename:
++$kerOffsetOutOfRange
++"""
++ ]
++ retval = [1]
+diff --git a/tests/suite.conf b/tests/suite.conf
+index 5b31930..dab7427 100644
+--- a/tests/suite.conf
++++ b/tests/suite.conf
+@@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
+ easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
+
+ [variables]
++kerOffsetOutOfRange: Offset out of range
+ kerFailedToReadImageData: Failed to read image data
+ kerCorruptedMetadata: corrupted image metadata
+ kerInvalidMalloc: invalid memory allocation request