third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2191 from Exiv2/main_fix2190

Browse Source 
Detect integer-overflow and throw in that case
This commit is contained in:
Luis Díaz Más 2022-04-04 11:33:42 +02:00 committed by GitHub
commit 3f496bd264
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/exif.cpp
View File

@ -14,6 +14,7 @@
#include "config.h" #include "config.h"
#include "error.hpp" #include "error.hpp"
#include "metadatum.hpp" #include "metadatum.hpp"
#include "safe_op.hpp"
#include "tags.hpp" #include "tags.hpp"
#include "tags_int.hpp" #include "tags_int.hpp"
#include "tiffcomposite_int.hpp" // for Tag::root #include "tiffcomposite_int.hpp" // for Tag::root
@ -741,7 +742,7 @@ Exiv2::DataBuf JpegThumbnail::copy(const Exiv2::ExifData& exifData) const {
int64_t sumToLong(const Exiv2::Exifdatum& md) { int64_t sumToLong(const Exiv2::Exifdatum& md) {
int64_t sum = 0; int64_t sum = 0;
for (size_t i = 0; i < md.count(); ++i) { for (size_t i = 0; i < md.count(); ++i) {
sum += md.toInt64(i); sum = Safe::add(sum, md.toInt64(i));
} }
return sum; return sum;
} }

BIN
test/data/issue_2190_poc.jp2 Normal file
View File

Binary file not shown.

1
tests/regression_tests/test_regression_allfiles.py
View File

@ -54,6 +54,7 @@ def get_valid_files(data_dir):
"issue_ghsa_8949_hhfh_j7rj_poc.exv", "issue_ghsa_8949_hhfh_j7rj_poc.exv",
"exiv2-bug495.jpg", "exiv2-bug495.jpg",
"issue_1920_poc.tiff", "issue_1920_poc.tiff",
"issue_2190_poc.jp2",
# non-zero return code files, most of them are security POC so we don't # non-zero return code files, most of them are security POC so we don't
# really need to worry about them here # really need to worry about them here
"2018-01-09-exiv2-crash-001.tiff", "2018-01-09-exiv2-crash-001.tiff",