[SCM] exiv2 packaging branch, master, updated. debian/0.25-3.1-3734-gdcbc29a
Maximiliano Curia
maxy at moszumanska.debian.org
Thu Jul 13 17:43:23 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=60560ff
The following commit has been merged in the master branch:
commit 60560ff051ed58de75c8a5260ae8a5c8fcdf1991
Author: Andreas Huggel <ahuggel at gmx.net>
Date: Fri Aug 31 04:31:05 2012 +0000
#841: Additional check to prevent issues with the sign when casting uint32_t to long.
---
src/pngimage.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index b527901..133d205 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -136,7 +136,9 @@ namespace Exiv2 {
// Decode chunk data length.
uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
long pos = io_->tell();
- if (pos == -1 || static_cast<long>(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
+ if ( pos == -1
+ || dataOffset > uint32_t(0x7FFFFFFF)
+ || static_cast<long>(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
// Perform a chunk triage for item that we need.
--
exiv2 packaging
More information about the pkg-kde-commits
mailing list