From bd68c14de5c6bd7a2dce59eeb4fb5396fe99bbe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?=
Date: Mon, 4 Apr 2022 09:18:02 +0200
Subject: [PATCH 1/2] Detect integer-overflow and throw in that case
---
 src/exif.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/exif.cpp b/src/exif.cpp
index 77e194ff..72bac3d0 100644
--- a/src/exif.cpp
+++ b/src/exif.cpp
@@ -14,6 +14,7 @@
 #include "config.h"
 #include "error.hpp"
 #include "metadatum.hpp"
+#include "safe_op.hpp"
 #include "tags.hpp"
 #include "tags_int.hpp"
 #include "tiffcomposite_int.hpp" // for Tag::root
@@ -741,7 +742,7 @@ Exiv2::DataBuf JpegThumbnail::copy(const Exiv2::ExifData& exifData) const {
 int64_t sumToLong(const Exiv2::Exifdatum& md) {
 int64_t sum = 0;
 for (size_t i = 0; i < md.count(); ++i) {
- sum += md.toInt64(i);
+ sum = Safe::add(sum, md.toInt64(i));
 }
 return sum;
 }
From 3795e5318b4dac7b8fb8b7da099a8e1a1620f2cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?=
Date: Mon, 4 Apr 2022 10:03:37 +0200
Subject: [PATCH 2/2] Add POC file
---
 test/data/issue_2190_poc.jp2 | Bin 0 -> 2679 bytes
 .../regression_tests/test_regression_allfiles.py | 1 +
 2 files changed, 1 insertion(+)
 create mode 100644 test/data/issue_2190_poc.jp2
diff --git a/test/data/issue_2190_poc.jp2 b/test/data/issue_2190_poc.jp2
new file mode 100644
index 0000000000000000000000000000000000000000..3d4e94eebbba34fe0540552e61a42fe2d5260b64
GIT binary patch literal 2679 zcmZQzVBpCLP*C9IYUg5LVBp9qFv?(H;7Tqn%}ntsNDs+OOLMKrOw+aV3NTXm4}^FD zPyrql_~d}bB6Py+L5Lu1#Snv-iXn{9fx!Z)1$l~r!Pl2T3+QWJuo4Cog^c_ROh73G zAU1$F?f?J({yveu0inTQg+MOcQZO4tAcR0_kolmXIcA~&G>;L887?A8!@LU$UsMCY z77W{N4ij8wij!3=%e8M-4^?4{W$WB5@Fg3wcf=PZt%V;P7FHVYp~2S_Lu+Z)%6z z1r8OgO7Ujm0S`>L2T&LwH{$~+ibn
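Review bot: The `Safe::add` call inside the loop of `sumToLong` (src/exif.cpp, second hunk) makes the function throw on attacker-controlled Exif values, but nothing in the hunk states that it can throw or which exception type reaches the callers. If `Safe::add` raises a standard-library exception rather than the library's own error type (not visible here; confirm in `safe_op.hpp`), a caller that catches only the latter would let a crafted file's overflow escape as an unhandled exception instead of a clean parse error. A one-line contract comment above the function would pin this down, e.g. `// Sum of all components of md; throws via Safe::add if the int64_t sum would overflow.` The guarded sum can still be negative or much larger than the file, so call sites that use it as a size or offset still need their own range check; those call sites are outside this hunk.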