third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix out of bounds read in isValidBoxFileType()

Browse Source
This commit is contained in:
Luis Díaz Más 2022-03-31 18:44:32 +02:00 committed by Luis Diaz
parent 3b9fcb4b3d
commit d16ca65b01
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/jp2image_int.cpp
View File

@ -11,7 +11,7 @@ namespace Exiv2::Internal {
bool isValidBoxFileType(const std::vector<uint8_t>& boxData) {
// BR & MinV are obligatory (4 + 4 bytes). Afterwards we have N compatibility lists (of size 4)
if ((boxData.size() - 8u) % 4u != 0) {
if (boxData.size() < 8 || ((boxData.size() - 8u) % 4u) != 0) {
return false;
}

5
unitTests/test_jp2image_int.cpp
View File

@ -58,6 +58,11 @@ TEST(Jp2_FileTypeBox, withInvalidBoxDataSizeIsInvalid) {
ASSERT_FALSE(isValidBoxFileType(boxData));
}
TEST(Jp2_FileTypeBox, withSmallBoxDataSizeIsInvalid) {
std::vector<std::uint8_t> boxData(7); // Minimum size is 8
ASSERT_FALSE(isValidBoxFileType(boxData));
}
TEST(Jp2_FileTypeBox, with2CLs_lastOneWithBrandValue_isValid) {
std::vector<std::uint8_t> boxData(16);
// The first 4 bytes correspond to the BR (Brand). It must have the value 'jp2\040'