Merge pull request #2191 from Exiv2/main_fix2190

Detect integer-overflow and throw in that case
2022-04-04 11:33:42 +02:00 · 2022-04-04 11:33:42 +02:00 · 3f496bd264
commit 3f496bd264
parent 3ee193f12f 3795e5318b
3 changed files with 3 additions and 1 deletions
--- a/src/exif.cpp
+++ b/src/exif.cpp
@ -14,6 +14,7 @@
 #include "config.h"
 #include "error.hpp"
 #include "metadatum.hpp"
+#include "safe_op.hpp"
 #include "tags.hpp"
 #include "tags_int.hpp"
 #include "tiffcomposite_int.hpp"  // for Tag::root
@ -741,7 +742,7 @@ Exiv2::DataBuf JpegThumbnail::copy(const Exiv2::ExifData& exifData) const {
 int64_t sumToLong(const Exiv2::Exifdatum& md) {
  int64_t sum = 0;
  for (size_t i = 0; i < md.count(); ++i) {
-    sum += md.toInt64(i);
+    sum = Safe::add(sum, md.toInt64(i));
  }
  return sum;
 }
--- a/test/data/issue_2190_poc.jp2
+++ b/test/data/issue_2190_poc.jp2
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@ -54,6 +54,7 @@ def get_valid_files(data_dir):
        "issue_ghsa_8949_hhfh_j7rj_poc.exv",
        "exiv2-bug495.jpg",
        "issue_1920_poc.tiff",
+        "issue_2190_poc.jp2",
        # non-zero return code files, most of them are security POC so we don't
        # really need to worry about them here
        "2018-01-09-exiv2-crash-001.tiff",