[SCM] exiv2 packaging branch, master, updated. debian/0.25-3.1-3734-gdcbc29a
Maximiliano Curia
maxy at moszumanska.debian.org
Thu Jul 13 17:37:46 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=d3d2d4c
The following commit has been merged in the master branch:
commit d3d2d4c023ec48cf51c4f0c332e3440842fdaa0f
Author: Andreas Huggel <ahuggel at gmx.net>
Date: Sun Jul 2 12:19:17 2006 +0000
Added boundary check for next IFD to Ifd::read, fixes bug #479.
---
src/ifd.cpp | 16 ++++++++++++++-
test/bugfixes-test.sh | 4 ++++
test/data/bugfixes-test.out | 25 +++++++++++++++++++++++
test/data/{exiv2-bug440.jpg => exiv2-bug479.jpg} | Bin 5243 -> 5581 bytes
4 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/src/ifd.cpp b/src/ifd.cpp
index 91671fb..0cc9bd8 100644
--- a/src/ifd.cpp
+++ b/src/ifd.cpp
@@ -318,7 +318,13 @@ namespace Exiv2 {
long o = start;
Ifd::PreEntries preEntries;
- if (len < o + 2) rc = 6;
+ if (o < 0 || len < o + 2) {
+#ifndef SUPPRESS_WARNINGS
+ std::cerr << "Error: " << ExifTags::ifdName(ifdId_)
+ << " lies outside of the IFD memory buffer.
";
+#endif
+ rc = 6;
+ }
if (rc == 0) {
offset_ = start - shift;
int n = getUShort(buf + o, byteOrder);
@@ -362,6 +368,14 @@ namespace Exiv2 {
pNext_ = const_cast<byte*>(buf + o);
}
next_ = getULong(buf + o, byteOrder);
+ if ( static_cast<long>(next_) + shift < 0
+ || static_cast<long>(next_) + shift >= len) {
+#ifndef SUPPRESS_WARNINGS
+ std::cerr << "Warning: " << ExifTags::ifdName(ifdId_)
+ << ": Pointer to next IFD is out of bounds; ignored.
";
+#endif
+ next_ = 0;
+ }
}
}
// Set the offset of the first data entry outside of the IFD.
diff --git a/test/bugfixes-test.sh b/test/bugfixes-test.sh
index ded5662..b52b7eb 100755
--- a/test/bugfixes-test.sh
+++ b/test/bugfixes-test.sh
@@ -54,6 +54,10 @@ num=447 # Problem only visible in Valgrind
filename=`prep_file $num`
$binpath/exiv2 -pi $filename
+num=479
+filename=`prep_file $num`
+$binpath/exiv2 -pt $filename
+
) > $results 2>&1
if [ x`which unix2dos.exe` != x ]; then
diff --git a/test/data/bugfixes-test.out b/test/data/bugfixes-test.out
index 5a9eafd..ca368b8 100644
--- a/test/data/bugfixes-test.out
+++ b/test/data/bugfixes-test.out
@@ -210,3 +210,28 @@ Warning: Exif tag 0x9286 has invalid Exif type 14; using 7 (undefined).
Iptc.Application2.Caption String 0
Iptc.Application2.DateCreated Date 8 2005-08-09
Iptc.Application2.TimeCreated Time 11 01:28:31-07:00
+------> Bug 479 <-------
+Warning: IFD0: Pointer to next IFD is out of bounds; ignored.
+Exif.Image.ImageWidth Short 1 3173
+Exif.Image.ImageLength Short 1 2011
+Exif.Image.Software Ascii 10 LightZone
+Exif.Image.0x013c Ascii 20 Linux 2.6.15-23-686
+Exif.Image.0x829a Rational 1 16/5
+Exif.Image.0x829d Rational 1 9/1
+Exif.Image.ExifTag Long 1 784
+Exif.Image.0x8822 Short 1 1
+Exif.Image.0x8827 Short 1 250
+Exif.Image.0x9000 Undefined 4 48 50 50 49
+Exif.Image.0x9003 Ascii 20 2006:05:27 12:37:03
+Exif.Image.0x9004 Ascii 20 2006:05:27 12:37:03
+Exif.Image.0x9101 Undefined 4 0 0 0 0
+Exif.Image.0x9201 SRational 1 -54987/32768
+Exif.Image.0x9202 Rational 1 1623/256
+Exif.Image.0x9204 SRational 1 0/1
+Exif.Image.0x9207 Short 1 5
+Exif.Image.0x9209 Short 1 16
+Exif.Image.0x920a Rational 1 24/1
+Exif.Image.0x9286 Undefined 264 (Binary value suppressed)
+Exif.Photo.ExifVersion Undefined 4 48 50 50 48
+Exif.Photo.PixelXDimension Short 1 3173
+Exif.Photo.PixelYDimension Short 1 2011
diff --git a/test/data/exiv2-bug440.jpg b/test/data/exiv2-bug479.jpg
similarity index 83%
copy from test/data/exiv2-bug440.jpg
copy to test/data/exiv2-bug479.jpg
index e57572b..16743da 100644
Binary files a/test/data/exiv2-bug440.jpg and b/test/data/exiv2-bug479.jpg differ
--
exiv2 packaging
More information about the pkg-kde-commits
mailing list