third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use safe add to prevent overflow

Browse Source 
Co-authored-by: Kevin Backhouse <kevinbackhouse@github.com>

Use safe add to prevent overflow

Co-authored-by: Kevin Backhouse <kevinbackhouse@github.com>
This commit is contained in:
Miloš Komarčević 2022-10-24 12:23:28 +02:00 committed by Miloš Komarčević
parent 23cdcc48d7
commit a58e52ed70
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/bmffimage.cpp
View File

@ -516,8 +516,8 @@ uint64_t BmffImage::boxHandler(std::ostream& out /* = std::cout*/, Exiv2::PrintS
DataBuf arr;
brotliUncompress(data.c_data(4), data.size() - 4, arr);
if (realType == TAG_exif) {
uint32_t offset = arr.read_uint32(0, endian_) + 4;
enforce(offset + 4 < arr.size(), Exiv2::ErrorCode::kerCorruptedMetadata);
uint32_t offset = Safe::add(arr.read_uint32(0, endian_), 4u);
enforce(Safe::add(offset, 4u) < arr.size(), Exiv2::ErrorCode::kerCorruptedMetadata);
Internal::TiffParserWorker::decode(exifData(), iptcData(), xmpData(), arr.c_data(offset), arr.size() - offset,
Internal::Tag::root, Internal::TiffMapping::findDecoder);
} else if (realType == TAG_xml) {