third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,692 Commits 2 Branches 0 Tags 122 MiB
decfda43df
Commit Graph

7692 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robin Mills
55001c8ddf
Merge pull request #222 from Exiv2/fix-220 
Fix 220
 2018-02-03 14:19:59 +00:00
clanmills
7d837d9c86 Changes to test/Makefile following Dan's review. 2018-02-03 12:29:22 +00:00
D4N
9cddfa514d
Merge pull request #207 from D4N/fix_cve_2018_4868 
Fix CVE-2018-4868
 2018-02-01 18:08:47 +01:00
Dan Čermák
72de0f96f3 Added reproducer for CVE-2018-4868 to the test suite 2018-02-01 17:55:22 +01:00
Dan Čermák
fcb4257051 Add check for DataBuf.size_ in Jp2Image::readMetadata() 
When parsing a subBox that is a ColorHeader, a length is extracted
from the input file and fed directly into DataBuf() (which calls
malloc). A crafted input file can provide arbitrarily (up to
max(uint32_t)-8) large values and result in excessive memory
allocation.

This commit adds a check for the new size of DataBuf so that it is not
larger than the remaining size of the file.

This fixes #202 aka CVE-2018-4868
 2018-02-01 17:55:22 +01:00
Robin Mills
7f56236bb8
Merge pull request #212 from Kicer86/master 
fix for crash in bigtiff (issue #208)
 2018-02-01 15:13:12 +00:00
Robin Mills
a1f1989cb5
Merge branch 'master' into master 2018-02-01 14:55:07 +00:00
clanmills
06e3570f10 Trivial Documentation Update 2018-01-29 09:14:48 +00:00
clanmills
552247c3d0 Update test/Makefile not to exit on error 2018-01-29 09:13:58 +00:00
clanmills
c082537967 Fix #220 https://github.com/Exiv2/exiv2/issues/220 2018-01-29 09:13:27 +00:00
D4N
5f360a99af
Merge pull request #217 from D4N/fix_187 
Fix for #187
 2018-01-27 22:27:49 +01:00
Dan Čermák
80c4d95171 Add regression test for CVE 2017-17669 2018-01-27 14:51:40 +01:00
Dan Čermák
e0ab5aaa87 Add error 14 text as a variable to the test suite 2018-01-27 14:51:40 +01:00
Dan Čermák
4429b962e1 Fix out of bounds read in src/pngchunk_int.cpp by @brianmay 
- consider that key is advanced by 8 bytes if stripHeader is true
  => length is reduced by same amount
  Fixed by adding offset to the check in the loop
- Rewrote loop so that keysize is checked before the next
  iteration (preventing an out of bounds read)
 2018-01-27 14:51:40 +01:00
Robin Mills
df4113b765 changes to MemIo::reserve() for #200 (#213) 
* changes to MemIo::reserve() for #200

* Changes following review by Dan (thanks, Dan).
 2018-01-26 09:19:03 +01:00
Michał Walenciak
d219e61586 be more error prone 2018-01-17 19:07:41 +01:00
Michał Walenciak
24348e85ca checks for valid reads 2018-01-15 21:44:41 +01:00
Michał Walenciak
421c6d6723 improvements for issue #208 2018-01-14 08:24:26 +01:00
D4N
b7d76da9d5
Merge pull request #203 from Exiv2/fix_201 
Fix #201
 2018-01-13 21:30:02 +01:00
Michał Walenciak
dba9fba725 test for issue #208 2018-01-13 15:52:50 +01:00
Michał Walenciak
1647908e00 fix for crash in bigtiff (issue #208) 2018-01-13 11:44:31 +01:00
Dan Čermák
9900f523fe Added reproducer for #201 to the test suite 2018-01-06 00:26:09 +01:00
Robin Mills
7d42da94d0 Removed wrong ExifData::const_iterator that shadowed the correct one 2018-01-06 00:07:36 +01:00
D4N
4be065595e
Merge pull request #155 from D4N/python_test_suite_wip 
[WIP][RFC] Python test suite
 2018-01-05 07:36:20 +01:00
Dan Čermák
27d7a5d968 Added new test suite to travis & Appveyor 2018-01-05 00:44:40 +01:00
Dan Čermák
5267123186 Ported tiff-test.sh 2018-01-05 00:44:24 +01:00
Dan Čermák
085c9715fc Added some example test cases to the new test suite 2018-01-05 00:43:43 +01:00
Dan Čermák
2e745b0b26 Added replacement for the current regression test suite 2018-01-05 00:42:45 +01:00
Luis Díaz Más
00f32316b2 Add missing header 2017-12-21 16:33:14 +01:00
Luis Díaz Más
22527f0927 Add reproducer for issue #188 2017-12-21 16:33:14 +01:00
Luis Díaz Más
14ff034fb4 Catch std::overflow_error exception in Print::run 2017-12-21 16:33:14 +01:00
Luis Diaz Mas
d09c4bb7cd Fix arithmetic operation overflow 2017-12-21 16:33:14 +01:00
Luis Diaz Mas
d1b4df5533 Show the Appveyor badge corresponding to the master branch 2017-12-19 15:53:11 +01:00
D4N
2c1d5288c2
Merge pull request #198 from Exiv2/fix_errno_failure_Fedora 
Reset errno to 0 before unit test probing strerror(errno)
 2017-12-18 09:46:58 +01:00
Dan Čermák
1de633ad37 Reset errno to 0 before unit test probing strerror(errno) 
errno can be set to a non-zero value from a previously failed system
call, it is not reset by successful ones
=> have to do that manually or the unit test fails because it detects
   an "outdated" error message
 2017-12-17 23:46:10 +01:00
D4N
eec3f9a0c5
Merge pull request #194 from Exiv2/integer_overflow_checks 
Add Integer addition overflow checks
 2017-12-17 23:45:29 +01:00
Luis Díaz Más
a1023c39ab Add safe_op.hpp to LIBEXIV2_PRIVATE_HDR (to be shown in IDEs) 2017-12-17 20:35:07 +01:00
Dan Čermák
7c00e9128d Fix compilation error with gcc < 5 
- overflow builtins were added with gcc 5.0
 2017-12-17 20:35:07 +01:00
Dan Čermák
3b3283e37d Added unit tests for new overflow checking addition functions 2017-12-17 20:35:07 +01:00
Dan Čermák
ca7c699aa1 Added overflow safe addition function 2017-12-17 20:35:07 +01:00
Luis Díaz Más
39377b8c02 Fix strError tests on Mac 2017-12-17 18:26:12 +01:00
Luis Díaz Más
9b463708a4 Test runner return the gtest return value 2017-12-17 18:26:12 +01:00
Luis Díaz Más
3cf3635ae2 [travis] Fix unit tests on Mac. 
- Use libc++ instead of libstdc++ in the conan profile
- Add CMAKE_OPTIONS for Mac
 2017-12-17 18:26:12 +01:00
Luis Díaz Más
6d41884245 [AppVeyor] Re-enable unit tests and compile project in release mode 
The problem was that we were not indicating the CMAKE_BUILD_TYPE when
calling CMake. It is important to set that CMake variable when using
the Ninja generator.
 2017-12-17 18:26:12 +01:00
Luis Díaz Más
a1213c1d90 Use the DEBUG compiler definition in Debug mode 2017-12-15 10:08:01 +01:00
Luis Díaz Más
74a5c5f770 [travis] Fix mac osx jobs 
- Specify concrete ubuntu and mac versions
- Use latest conan version
- Fix the profiles for linux and mac
- Use new version of expat (avilable in conan-center)
- Install urllib3 as suggested in python guidelines
- Use virtualenv with python3
 2017-12-13 15:12:20 +01:00
Luis Díaz Más
3ccc64d713 [travis] Re-enable osx 2017-12-13 15:12:20 +01:00
Robin Mills
8f5b795eaa Fixes to autotools build to respect mn_int.cpp files (#186) 
* Fixes to autotools build to respect mn_int.cpp files

* Changes following Luis' code review.
 2017-12-11 16:48:07 +01:00
D4N
6b29822670
Merge pull request #169 from D4N/reproducer_redmine_1305 
Added reproducer for redmine issue 1305
 2017-12-07 09:17:23 +01:00
Dan Čermák
42090c1625 Updated bugfixes-test.out 2017-12-07 09:09:11 +01:00