From c3239e3187aa7bf194252b375940bb451d14210f Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Sat, 17 Jul 2021 15:58:16 +0100 Subject: [PATCH] &bytes[0] will crash if bytes has zero elements. (cherry picked from commit 3e72d129e53b14e0b62d74aefed6bbd326562d63) --- src/image.cpp | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/image.cpp b/src/image.cpp index 1428e6b0..cde7d4a0 100644 --- a/src/image.cpp +++ b/src/image.cpp @@ -467,20 +467,20 @@ namespace Exiv2 { seekOrThrow(io, restore, BasicIo::beg, kerCorruptedMetadata); } } else if ( option == kpsRecursive && tag == 0x83bb /* IPTCNAA */ ) { + if (count > 0) { + if (static_cast(Safe::add(count, offset)) > io.size()) { + throw Error(kerCorruptedMetadata); + } - if (static_cast(Safe::add(count, offset)) > io.size()) { - throw Error(kerCorruptedMetadata); + const long restore = io.tell(); + seekOrThrow(io, offset, BasicIo::beg, kerCorruptedMetadata); // position + std::vector bytes(count) ; // allocate memory + // TODO: once we have C++11 use bytes.data() + readOrThrow(io, &bytes[0], count, kerCorruptedMetadata); + seekOrThrow(io, restore, BasicIo::beg, kerCorruptedMetadata); + // TODO: once we have C++11 use bytes.data() + IptcData::printStructure(out, makeSliceUntil(&bytes[0], count), depth); } - - const long restore = io.tell(); - seekOrThrow(io, offset, BasicIo::beg, kerCorruptedMetadata); // position - std::vector bytes(count) ; // allocate memory - // TODO: once we have C++11 use bytes.data() - readOrThrow(io, &bytes[0], count, kerCorruptedMetadata); - seekOrThrow(io, restore, BasicIo::beg, kerCorruptedMetadata); - // TODO: once we have C++11 use bytes.data() - IptcData::printStructure(out, makeSliceUntil(&bytes[0], count), depth); - } else if ( option == kpsRecursive && tag == 0x927c /* MakerNote */ && count > 10) { const long restore = io.tell(); // save