third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,264 Commits 2 Branches 0 Tags 122 MiB
8a04b7683c
Commit Graph

5264 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
D4N
8a04b7683c
Merge pull request #130 from D4N/reproducer-for-54 
Added reproducer for #54 / CVE-2017-11592 to the test suite
 2017-10-29 10:50:19 +01:00
Dan Čermák
f4f05001e9 Updated bugfixes-test.out 2017-10-29 10:21:49 +01:00
Dan Čermák
35cb91a9f3 Added reproducer for #54 / CVE-2017-11592 to the test suite 2017-10-29 10:17:04 +01:00
Dan Čermák
091d4edbdb Corrected bugfix test number #54 to #56 2017-10-29 10:17:04 +01:00
D4N
1c3f0dab5e
Merge pull request #128 from D4N/master 
Added reproducer for #76 /  CVE-2017-14857 to the testsuite
 2017-10-29 10:09:29 +01:00
Dan Čermák
72b75ddfe4 Updated bugfixes-test.out 2017-10-19 00:42:42 +02:00
Dan Čermák
87e0c6ec53 Added reproducer for #76 to the testsuite 2017-10-19 00:42:11 +02:00
Luis Díaz Más
319ccdbc71 Merge pull request #119 from a17r/ccache 
Add build switch to disable auto ccache
 2017-10-16 12:34:54 +02:00
Andreas Sturmlechner
7f515e6da7
Add build switch to enable auto ccache 
Make usage of ccache by build system opt-in.
 2017-10-16 11:31:24 +02:00
Luis Díaz Más
5e8a76667a Merge pull request #116 from piponazo/UnitTests 
Add Unit tests with Google Test
 2017-10-16 07:52:05 +02:00
Luis Diaz Mas
2e8376dccc Do not use Gtest imported target (Not available in minimum CMake version required) 2017-10-16 07:27:32 +02:00
Luis Díaz Más
8582c564e0 (AppVeyor) Move to project directory 2017-10-16 07:27:32 +02:00
Luis Díaz Más
142a9a9178 (AppVeyor) Disable unit tests until we found out the problem 2017-10-16 07:27:32 +02:00
Luis Díaz Más
bf6670abb0 (AppVeyor) Install ninja & Use it as the CMake generator (speed up builds) 2017-10-16 07:27:32 +02:00
Luis Díaz Más
f9fab45163 (AppVeyor) Trying to run unit tests properly from windows 2017-10-16 07:27:32 +02:00
Pix4d
3f53588de7 (Travis) Should run tests on mac 2017-10-16 07:27:32 +02:00
Luis Díaz Más
a721ab343d (travis) Use 2 threads in the compilation 2017-10-16 07:27:32 +02:00
Luis Díaz Más
b78aa69455 (travis) Do not install things bring with conan already 2017-10-16 07:27:32 +02:00
Luis Díaz Más
9482763061 Run unit tests in travis-ci and appveyor 2017-10-16 07:27:32 +02:00
Luis Díaz Más
752e7a6bea Add simple unit tests for DataBuf 2017-10-16 07:27:32 +02:00
Luis Díaz Más
72cf9166fe Add simple tests for exifTime 2017-10-16 07:27:32 +02:00
Luis Díaz Más
2bad771834 (CMake) Add GTEST_LINKED_AS_SHARED_LIBRARY definition 2017-10-16 07:27:32 +02:00
Luis Díaz Más
26189ad287 (CMake) Add a new CMake option to enable the new Unit Tests 2017-10-16 07:27:32 +02:00
Luis Díaz Más
89629f0056 (CMake) Bring GTest and GMock via conan 2017-10-16 07:27:32 +02:00
Luis Díaz Más
cd38a570fa (CMake) Same output directories for binaries and libraries on all the platforms 2017-10-16 07:27:32 +02:00
Luis Díaz Más
00f5b2ab6d Merge pull request #114 from D4N/readme_improvements 
Adapted README.md to better render on Github
 2017-10-16 07:10:40 +02:00
Dan Čermák
942044e7d9 Adapted README.md to better render on github 2017-10-15 22:55:06 +02:00
Luis Díaz Más
38584d938b Merge pull request #118 from a17r/exiv2command 
Fix build with EXIV2_BUILD_EXIV2_COMMAND=OFF
 2017-10-15 21:05:57 +02:00
Luis Díaz Más
6c01726404 Merge branch 'master' into exiv2command 2017-10-15 20:30:18 +02:00
Andreas Sturmlechner
57883ee664
Fix build with EXIV2_BUILD_EXIV2_COMMAND=OFF 2017-10-13 18:54:11 +02:00
Luis Díaz Más
269370863e Merge pull request #117 from a17r/pobuildswitch 
Fix remaining occurrence of EXIV2_ENABLE_BUILD_PO
 2017-10-13 08:09:13 +02:00
Andreas Sturmlechner
3f39c23f2c
Fix remaining occurrence of EXIV2_ENABLE_BUILD_PO 2017-10-12 17:41:01 +02:00
D4N
549cac47af Merge pull request #110 from D4N/fix_CVE-2017-14864 
Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859
 2017-10-11 10:15:00 +02:00
Dan Čermák
de298b8e5d Added reproducers for #73, #74 and #75 to the test suite 2017-10-11 09:50:39 +02:00
Dan Čermák
c686843e20 Added exception throw on Value pointer being null 
v can be null if the typeId is invalid => throw an exception notifying
the user that his file is corrupted instead of the assertion
 2017-10-11 09:46:04 +02:00
Dan Čermák
75940da0a6 Added check for overflows in calculation of size 2017-10-11 09:46:04 +02:00
Dan Čermák
8a586c74bb Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859 
The invalid memory dereference in
Exiv2::getULong()/Exiv2::StringValueBase::read()/Exiv2::DataValue::read()
is caused further up the call-stack, by
v->read(pData, size, byteOrder) in TiffReader::readTiffEntry()
passing an invalid pData pointer (pData points outside of the Tiff
file). pData can be set out of bounds in the (size > 4) branch where
baseOffset() and offset are added to pData_ without checking whether
the result is still in the file. As offset comes from an untrusted
source, an attacker can craft an arbitrarily large offset into the
file.

This commit adds a check into the problematic branch, whether the
result of the addition would be out of bounds of the Tiff
file. Furthermore the whole operation is checked for possible
overflows.
 2017-10-11 09:46:04 +02:00
Dan Čermák
6c1ba331b9 Added arithmetic operation overflow error 2017-10-11 09:46:04 +02:00
Luis Díaz Más
f06418c656 Merge pull request #108 from D4N/fix_CVE-2017-14860 
Fix CVE-2017-14860
 2017-10-11 06:38:58 +02:00
Dan Čermák
c884a3b4bf Added the reproducer for CVE-2017-14860 to the test suite 2017-10-11 00:11:15 +02:00
Dan Čermák
ff18fec24b Fix for CVE-2017-14860 
A heap buffer overflow could occur in memcpy when icc.size_ is larger
than data.size_ - pad, as then memcpy would read out of bounds of data.

This commit adds a sanity check to iccLength (= icc.size_): if it is
larger than data.size_ - pad (i.e. an overflow would be caused) an
exception is thrown.

This fixes #71.
 2017-10-11 00:11:15 +02:00
Dan Čermák
65f45a3505 Added new error message to warn about corrupted metadata 2017-10-11 00:11:15 +02:00
Luis Díaz Más
27cabb2a1a Merge pull request #115 from piponazo/appVeyorChanges 
App veyor changes
 2017-10-10 11:59:44 +02:00
Luis Díaz Más
39e3d7fbe4 Merge branch 'master' into appVeyorChanges 2017-10-10 10:41:33 +02:00
Luis Díaz Más
7f0d753d10 Use separate conanData directory for the conan cache in travis 2017-10-10 08:13:30 +02:00
Luis Díaz Más
62a0f8cde8 Unify appveyor style 2017-10-10 08:13:30 +02:00
Luis Diaz Mas
bdce47b6e7 Use VS2015 instead of 2017, Use newer conan version and enable cache in appveyor 2017-10-10 08:13:26 +02:00
D4N
0a56b0ab81 Merge pull request #113 from greenbigfrog/patch-1 
Fix URL to wiki in README.md
 2017-10-09 22:36:51 +02:00
Jonathan
2ff0bb9a6a Fix URL to wiki in README.md 2017-10-09 18:01:27 +02:00
Luis Díaz Más
0670b35f56 Merge pull request #111 from piponazo/travisCache 
Travis cache
 2017-10-08 09:12:03 +02:00