third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,245 Commits 2 Branches 0 Tags 122 MiB
752e7a6bea
Commit Graph

5245 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luis Díaz Más
752e7a6bea Add simple unit tests for DataBuf 2017-10-16 07:27:32 +02:00
Luis Díaz Más
72cf9166fe Add simple tests for exifTime 2017-10-16 07:27:32 +02:00
Luis Díaz Más
2bad771834 (CMake) Add GTEST_LINKED_AS_SHARED_LIBRARY definition 2017-10-16 07:27:32 +02:00
Luis Díaz Más
26189ad287 (CMake) Add a new CMake option to enable the new Unit Tests 2017-10-16 07:27:32 +02:00
Luis Díaz Más
89629f0056 (CMake) Bring GTest and GMock via conan 2017-10-16 07:27:32 +02:00
Luis Díaz Más
cd38a570fa (CMake) Same output directories for binaries and libraries on all the platforms 2017-10-16 07:27:32 +02:00
Luis Díaz Más
00f5b2ab6d Merge pull request #114 from D4N/readme_improvements 
Adapted README.md to better render on Github
 2017-10-16 07:10:40 +02:00
Dan Čermák
942044e7d9 Adapted README.md to better render on github 2017-10-15 22:55:06 +02:00
Luis Díaz Más
38584d938b Merge pull request #118 from a17r/exiv2command 
Fix build with EXIV2_BUILD_EXIV2_COMMAND=OFF
 2017-10-15 21:05:57 +02:00
Luis Díaz Más
6c01726404 Merge branch 'master' into exiv2command 2017-10-15 20:30:18 +02:00
Andreas Sturmlechner
57883ee664
Fix build with EXIV2_BUILD_EXIV2_COMMAND=OFF 2017-10-13 18:54:11 +02:00
Luis Díaz Más
269370863e Merge pull request #117 from a17r/pobuildswitch 
Fix remaining occurrence of EXIV2_ENABLE_BUILD_PO
 2017-10-13 08:09:13 +02:00
Andreas Sturmlechner
3f39c23f2c
Fix remaining occurrence of EXIV2_ENABLE_BUILD_PO 2017-10-12 17:41:01 +02:00
D4N
549cac47af Merge pull request #110 from D4N/fix_CVE-2017-14864 
Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859
 2017-10-11 10:15:00 +02:00
Dan Čermák
de298b8e5d Added reproducers for #73, #74 and #75 to the test suite 2017-10-11 09:50:39 +02:00
Dan Čermák
c686843e20 Added exception throw on Value pointer being null 
v can be null if the typeId is invalid => throw an exception notifying
the user that his file is corrupted instead of the assertion
 2017-10-11 09:46:04 +02:00
Dan Čermák
75940da0a6 Added check for overflows in calculation of size 2017-10-11 09:46:04 +02:00
Dan Čermák
8a586c74bb Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859 
The invalid memory dereference in
Exiv2::getULong()/Exiv2::StringValueBase::read()/Exiv2::DataValue::read()
is caused further up the call-stack, by
v->read(pData, size, byteOrder) in TiffReader::readTiffEntry()
passing an invalid pData pointer (pData points outside of the Tiff
file). pData can be set out of bounds in the (size > 4) branch where
baseOffset() and offset are added to pData_ without checking whether
the result is still in the file. As offset comes from an untrusted
source, an attacker can craft an arbitrarily large offset into the
file.

This commit adds a check into the problematic branch, whether the
result of the addition would be out of bounds of the Tiff
file. Furthermore the whole operation is checked for possible
overflows.
 2017-10-11 09:46:04 +02:00
Dan Čermák
6c1ba331b9 Added arithmetic operation overflow error 2017-10-11 09:46:04 +02:00
Luis Díaz Más
f06418c656 Merge pull request #108 from D4N/fix_CVE-2017-14860 
Fix CVE-2017-14860
 2017-10-11 06:38:58 +02:00
Dan Čermák
c884a3b4bf Added the reproducer for CVE-2017-14860 to the test suite 2017-10-11 00:11:15 +02:00
Dan Čermák
ff18fec24b Fix for CVE-2017-14860 
A heap buffer overflow could occur in memcpy when icc.size_ is larger
than data.size_ - pad, as then memcpy would read out of bounds of data.

This commit adds a sanity check to iccLength (= icc.size_): if it is
larger than data.size_ - pad (i.e. an overflow would be caused) an
exception is thrown.

This fixes #71.
 2017-10-11 00:11:15 +02:00
Dan Čermák
65f45a3505 Added new error message to warn about corrupted metadata 2017-10-11 00:11:15 +02:00
Luis Díaz Más
27cabb2a1a Merge pull request #115 from piponazo/appVeyorChanges 
App veyor changes
 2017-10-10 11:59:44 +02:00
Luis Díaz Más
39e3d7fbe4 Merge branch 'master' into appVeyorChanges 2017-10-10 10:41:33 +02:00
Luis Díaz Más
7f0d753d10 Use separate conanData directory for the conan cache in travis 2017-10-10 08:13:30 +02:00
Luis Díaz Más
62a0f8cde8 Unify appveyor style 2017-10-10 08:13:30 +02:00
Luis Diaz Mas
bdce47b6e7 Use VS2015 instead of 2017, Use newer conan version and enable cache in appveyor 2017-10-10 08:13:26 +02:00
D4N
0a56b0ab81 Merge pull request #113 from greenbigfrog/patch-1 
Fix URL to wiki in README.md
 2017-10-09 22:36:51 +02:00
Jonathan
2ff0bb9a6a Fix URL to wiki in README.md 2017-10-09 18:01:27 +02:00
Luis Díaz Más
0670b35f56 Merge pull request #111 from piponazo/travisCache 
Travis cache
 2017-10-08 09:12:03 +02:00
Luis Diaz Mas
f454c375a0 Disable bash -ex to not fail with commands returning non-0 values 2017-10-07 19:47:30 +02:00
Luis Díaz Más
1067978216 Adding caching support in travis-ci builds 2017-10-07 19:39:26 +02:00
Luis Díaz Más
4beb08e219 Merge pull request #105 from Kicer86/bigtiff 
Work in progress - improvements for bigtiff
 2017-10-07 09:38:49 +02:00
Michał Walenciak
2e535d8a27 trying to fix windows build 2017-10-07 08:58:58 +02:00
Luis Díaz Más
8e4aff29c2 Merge pull request #107 from D4N/tiffvisitor_nullptr_check 
Use nullptr check instead of assertion, by Raphaël Hertzog
 2017-10-06 15:57:55 +02:00
Michał Walenciak
2402a693fd adding missing include for numeric_limits 2017-10-06 11:27:46 +02:00
Luis Díaz Más
93bbf0cab1 Merge pull request #104 from piponazo/removeCpp11Feature 
Remove cpp11 features
 2017-10-06 05:40:39 +02:00
Dan Čermák
e026160556 Use nullptr check instead of assertion, by Raphaël Hertzog 
Source:
https://github.com/Exiv2/exiv2/issues/57#issuecomment-333086302

tc can be a null pointer when the TIFF tag is unknown (the factory
then returns an auto_ptr(0)) => as this can happen for corrupted
files, an explicit check should be used because an assertion can be
turned of in release mode (with NDEBUG defined)

This also fixes #57
 2017-10-06 00:43:31 +02:00
Luis Díaz Más
bef6dad6c5 Merge pull request #103 from AdelieLinux/master 
Amend fix for #9 to apply to other Unix systems
 2017-10-05 14:45:05 +02:00
Michał Walenciak
b1a5d615c5 removing debug message 2017-10-04 22:46:43 +02:00
Michał Walenciak
64e05c0a7a improving fixes for #55 and #56 2017-10-04 22:46:20 +02:00
Luis Díaz Más
1a1a61b63d Remove reference to regex & c++11 from the man page 2017-10-04 19:42:11 +02:00
Luis Díaz Más
5b8894908b Remove all references to EXV_HAVE_REGEX and related code 2017-10-04 19:27:01 +02:00
Luis Díaz Más
bfd61bd0f1 Merge pull request #96 from Kicer86/master 
Adding comment for issue #56
 2017-10-04 09:27:54 +02:00
A. Wilcox
d775683f57
Amend fix for #9 to apply to other Unix systems 
At least the musl libc on Linux has the same issue as Mac OS X: the
PTHREAD_RECURSIVE_* static initialiser does not exist.  This is a
documented and purposeful omission:

http://www.openwall.com/lists/musl/2017/02/20/3

This commit uses similar logic to the Apple test on other Unixes.
 2017-10-04 00:17:48 -05:00
Luis Díaz Más
6db39b08a5 Merge pull request #102 from piponazo/removeObjectLibrary 
Remove EXIV2_ENABLE_LIBXMP variable, always build static XMP library,…
 2017-10-04 07:15:51 +02:00
Luis Díaz Más
3dbc7c1969 Fix compilation on Windows 2017-10-03 21:07:43 +02:00
Luis Diaz Mas
2784b1f7f7 Remove EXIV2_ENABLE_LIBXMP variable, always build static XMP library, remove cmake OBJECT library 2017-10-03 19:54:57 +02:00
Robin Mills
d9e9f71918 Merge pull request #98 from D4N/testsuite 
Add POC3, POC4, POC5, POC6, POC9, POC11, POC12 & POC13 to the test suite
 2017-10-03 01:28:27 +01:00