third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add more checks to prevent integer overflow.

Browse Source
This commit is contained in:
Kevin Backhouse
2021-09-12 22:48:24 +01:00
parent 4d55cb6692
commit 395389aa15
6 changed files with 100 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/data/issue_1901_poc1.xmp
+1
View File
@@ -0,0 +1 @@
<x:xmpmeta xmlns:x=" "><rdf:RDF xmlns:rdf=" "><rdf:Description xmlns:xmp="a"><xmp:CreateDate>-9223372036854775807</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>
test/data/issue_1901_poc.xmp → test/data/issue_1901_poc2.xmp
View File
test/data/issue_1901_poc3.xmp
+1
View File
@@ -0,0 +1 @@
<x:xmpmeta xmlns:x=" "><rdf:RDF xmlns:rdf=" "><rdf:Description xmlns:xmp="a"><xmp:CreateDate>2147483650</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>
test/data/issue_1901_poc4.xmp
+1
View File
@@ -0,0 +1 @@
<x:xmpmeta xmlns:x=" "><rdf:RDF xmlns:rdf=" "><rdf:Description xmlns:xmp="a"><xmp:CreateDate>2021</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>
tests/bugfixes/github/test_issue_1901.py
+89 -6
View File
@@ -9,11 +9,16 @@ class XMPUtilsSetTimeZoneIntegerOverflow(metaclass=CaseMeta):
"""
url = "https://github.com/Exiv2/exiv2/issues/1901"
filename = path("$data_path/issue_1901_poc.xmp")
commands = ["$exiv2 $filename"]
stderr = ["""Warning: Unsupported date format
"""]
stdout = ["""File name : $filename
filename1 = path("$data_path/issue_1901_poc1.xmp")
filename2 = path("$data_path/issue_1901_poc2.xmp")
filename3 = path("$data_path/issue_1901_poc3.xmp")
filename4 = path("$data_path/issue_1901_poc4.xmp")
commands = ["$exiv2 -q $filename1",
"$exiv2 -q $filename2",
"$exiv2 -q $filename3",
"$exiv2 -q $filename4"]
stderr = ["", "", "", ""]
stdout = ["""File name : $filename1
File size : 170 Bytes
MIME type : application/rdf+xml
Image size : 0 x 0
@@ -38,5 +43,83 @@ White balance :
Copyright :
Exif comment :
""",
"""File name : $filename2
File size : 170 Bytes
MIME type : application/rdf+xml
Image size : 0 x 0
Thumbnail : None
Camera make :
Camera model :
Image timestamp :
File number :
Exposure time :
Aperture :
Exposure bias :
Flash :
Flash bias :
Focal length :
Subject distance:
ISO speed :
Exposure mode :
Metering mode :
Macro mode :
Image quality :
White balance :
Copyright :
Exif comment :
""",
"""File name : $filename3
File size : 160 Bytes
MIME type : application/rdf+xml
Image size : 0 x 0
Thumbnail : None
Camera make :
Camera model :
Image timestamp :
File number :
Exposure time :
Aperture :
Exposure bias :
Flash :
Flash bias :
Focal length :
Subject distance:
ISO speed :
Exposure mode :
Metering mode :
Macro mode :
Image quality :
White balance :
Copyright :
Exif comment :
""",
"""File name : $filename4
File size : 154 Bytes
MIME type : application/rdf+xml
Image size : 0 x 0
Thumbnail : None
Camera make :
Camera model :
Image timestamp :
File number :
Exposure time :
Aperture :
Exposure bias :
Flash :
Flash bias :
Focal length :
Subject distance:
ISO speed :
Exposure mode :
Metering mode :
Macro mode :
Image quality :
White balance :
Copyright :
Exif comment :
"""]
retval = [0]
retval = [0, 0, 0, 0]
xmpsdk/src/XMPUtils.cpp
+8 -5
View File
@@ -1960,11 +1960,14 @@ XMPUtils::SetTimeZone ( XMP_DateTime * xmpTime )
if ( now == -1 ) XMP_Throw ( "Failure from ANSI C time function", kXMPErr_ExternalFailure );
ansi_localtime ( &now, &tmLocal );
} else {
tmLocal.tm_year = xmpTime->year - 1900;
#if 0
// Removed to fix https://github.com/Exiv2/exiv2/issues/1901
while ( tmLocal.tm_year < 70 ) tmLocal.tm_year += 4; // ! Some versions of mktime barf on years before 1970.
#endif
// Fix for https://github.com/Exiv2/exiv2/issues/1901
if (xmpTime->year < std::numeric_limits<decltype(tmLocal.tm_year)>::min() + 1900) {
tmLocal.tm_year = std::numeric_limits<decltype(tmLocal.tm_year)>::min();
} else if (xmpTime->year > std::numeric_limits<decltype(tmLocal.tm_year)>::max()) {
tmLocal.tm_year = std::numeric_limits<decltype(tmLocal.tm_year)>::max();
} else {
tmLocal.tm_year = xmpTime->year - 1900;
}
tmLocal.tm_mon = xmpTime->month - 1;
tmLocal.tm_mday = xmpTime->day;
}