[SCM] exiv2 packaging branch, master, updated. debian/0.25-3.1-3734-gdcbc29a
Maximiliano Curia
maxy at moszumanska.debian.org
Thu Jul 13 17:41:52 UTC 2017
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=3582323
The following commit has been merged in the master branch:
commit 35823233fa1d41590616664ac875c0e5f05bdf09
Author: Andreas Huggel <ahuggel at gmx.net>
Date: Sun Aug 15 14:33:48 2010 +0000
Fixed zlib uncompression of large PNG metadata buffers.
---
src/pngchunk.cpp | 35 +++++++++++++++--------------------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
index 2841529..1d45edd 100644
--- a/src/pngchunk.cpp
+++ b/src/pngchunk.cpp
@@ -440,41 +440,36 @@ namespace Exiv2 {
{
uLongf uncompressedLen = compressedTextSize * 2; // just a starting point
int zlibResult;
+ int dos = 0;
- do
- {
+ do {
arr.alloc(uncompressedLen);
- zlibResult = uncompress((Bytef*)arr.pData_, &uncompressedLen,
- compressedText, compressedTextSize);
-
- if (zlibResult == Z_OK)
- {
- // then it is all OK
+ zlibResult = uncompress((Bytef*)arr.pData_,
+ &uncompressedLen,
+ compressedText,
+ compressedTextSize);
+ if (zlibResult == Z_OK) {
arr.alloc(uncompressedLen);
}
- else if (zlibResult == Z_BUF_ERROR)
- {
+ else if (zlibResult == Z_BUF_ERROR) {
// the uncompressedArray needs to be larger
-#ifdef DEBUG
- std::cout << "Exiv2::PngChunk::parsePngChunk: doubling size for decompression.
";
-#endif
uncompressedLen *= 2;
-
// DoS protection. can't be bigger than 64k
- if ( uncompressedLen > 131072 )
- break;
+ if (uncompressedLen > 131072) {
+ if (++dos > 1) break;
+ uncompressedLen = 131072;
+ }
}
- else
- {
+ else {
// something bad happened
throw Error(14);
}
}
while (zlibResult == Z_BUF_ERROR);
- if (zlibResult != Z_OK)
+ if (zlibResult != Z_OK) {
throw Error(14);
-
+ }
} // PngChunk::zlibUncompress
std::string PngChunk::zlibCompress(const std::string& text)
--
exiv2 packaging
More information about the pkg-kde-commits
mailing list