EXV_WARN_UNUSED_RESULT is a conditional macro that expands to either
__attribute__((warn_unused_result)) on gcc & clang or to _Check_return
for MSVC
=> Compiler warns if the return value is ignored
in the following call:
getHeaderOffset (payload.pData_, payload.size_, (byte*)&exifLongHeader, 6);
getHeaderOffset would read 6 bytes from exifLongHeader, reading beyond the
bounds of the array => add 2 padding bytes to prevent overreads
memcmp() compares the read data from key with the provided string, but when
key.pData_ is shorter than the provided length, then memcmp can read beyond the
bounds of key.pData_
=> add custom compare function, which ensures that we never read more than
key.size_
The pointer p is advanced in the while loop to step over three '\n'.
However, its length is never reduced accordingly. => the length check in the
following for loop is invalid, as it permits overreading by the number of
characters that p was advanced by.
The loop condition will perform a range check correctly, but it will always
dereference bytes[i], even if i is too large and fails the second check.
=> move the bytes[i] == 0x1c check into a if, after the range check was
successfull
DataBuf::release() easily cause memory leaks, when the return value is
ignored. free() provides the desired behavior, when the internal data should
just be deleted and not used further.
The size parameter is only checked for upper bounds, but not for lower.
If it is too small, then created dataBuf will be too small and overflow in one
of the subsequent memcpy() calls.
This fixes#378 / CVE-2018-14046
Several checks for extracted values performed no overflow checks on the
addition. They can be tricked into passing, albeit the individual summands are
too large.
=> use Safe::add() which now aborts when an overflow occurs
This fixes#366
offset_ can become arbitrarily large and overflows once its added to size_,
this causes all kinds of problems further in the code when offset_ is used
again.
=> Use Safe::add() to catch potential overflows
This fixes#365.
This option should be provided when calling to the cmake command.
Otherwise, we overwrite the value even when the user pass the value
in the command line.
dot is needed to generate the exiv2 documentation. Furthermore we were
generating the documentation in ${PROJECT_BINARY_DIR}/html while the
CMake 'install' command was expecting to find the documentation directory
at ${PROJECT_BINARY_DIR}/doc/html. This has been also fixed in this
commit.
The FileDecoratorBase injects a new setUp & tearDown function. These new
functions would call the old setUp & tearDown in an inconvenient order: e.g. the
child class CopyFiles would at first call the user provided setUp and then copy
the files. This makes it impossible to perform some action on the file copy in
setUp.
=> This commit changes the call order, so that setUp & tearDown always "see" the
finished environment after file copies are in place and before any cleanup took
place.
We use now the Doxyfile.in template file with some variables that are
replaced at configuration time by absolute paths. Therefore, we can run
later the doxygen command with absolute paths from the
PROJECT_BINARY_DIR.
The CMake 'doc' target is added only if doxygen is available in the
system.
