20 Commits

Author SHA1 Message Date
Luis Díaz Más
113136e134 Replace DEBUG with EXIV2_DEBUG_MESSAGES
Fixes #926
2019-07-12 11:14:35 +02:00
Kevin Backhouse
b35c43e7c2 Remove call to atol, which might read off the end of the buffer. (#870) 2019-05-17 12:45:42 +02:00
Kevin Backhouse
43f154f44b Merge two enforces into one. 2019-05-14 17:31:37 +02:00
Kevin Backhouse
d3e69f6d2c Add bounds check on allocation size. 2019-05-14 17:31:37 +02:00
Luis Díaz Más
603692a1d8 Copyright to Exiv2 authors 2018-09-12 19:22:31 +02:00
Luis Díaz Más
94375034e6 Fix -Wsign-compare issues 2018-09-12 19:22:31 +02:00
Robin Mills
6d1c318fc6 Fixes in PngChunk::readRawProfile 2018-09-11 09:49:59 +02:00
Luis Díaz Más
f5b40f3e82 Fix more issues in PngChunk::readRawProfile 2018-09-11 09:49:59 +02:00
Luis Díaz Más
847da051c0 Fix bug in PngChunk::readRawProfile
- Now it takes into account text.size_ when searching for a newline
char.
2018-09-11 09:49:59 +02:00
Luis Díaz Más
4161099b91 Fix warnings reported by MSVC 2018-09-10 10:31:00 +02:00
Dan Čermák
35b3e596ed Add overflow & overread checks to PngChunk::parseTXTChunk()
This function was creating a lot of new pointers and strings without
properly checking the array bounds. This commit adds several calls
to enforce(), making sure that the pointers stay within bounds.
Strings are now created using the helper function
string_from_unterminated() to prevent overreads in the constructor of
std::string.

This fixes #400
2018-08-21 13:46:53 +02:00
Luis Diaz Mas
1371d677f9 Remove custom messages from enforce(xxx, Exiv2::kerCorruptedMetadata) 2018-05-23 14:14:39 +02:00
Luis Diaz Mas
c0a879aea4 Fix call to std::count, so that we count until the end of the array 2018-05-23 14:14:39 +02:00
Luis Diaz Mas
3ad0050469 Check validity of compressionFlag & compressionMethod 2018-05-23 10:57:13 +02:00
Luis Diaz Mas
2fb00c8a16 Analyze minimum needed number of null separators in PngChunk::parseTXTChunk
This commit fixes the heap-buffer-overflow in PngChunk::parseTXTChunk.

According to the specification:
http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html

There must be 2 null separators when we start to analyze the language tag.
2018-05-23 10:57:13 +02:00
Luis Diaz Mas
4922df6018 Replace '\n' by endl that flushes content. Useful for debugging 2018-05-23 10:57:13 +02:00
Dan Čermák
751fba8b54 Added dataBuf size check before calling PngChunk::decodeIHDRChunk
- cdataBuf must be at least 8 bytes long otherwise decodeIHDRChunk
  reads out of bounds
- pngImage::readMetadata now skips png chunks where the offset for
  IHDR chunks is invalid
- added assertion into PngChunk::decodeIHDRChunk() to ensure dataBuf
  size
2018-02-22 14:55:12 +01:00
Dan Čermák
efe2ccdcb6 Replaced all hardcoded error codes with ker... constants 2018-02-18 09:28:57 +01:00
Dan Čermák
4429b962e1 Fix out of bounds read in src/pngchunk_int.cpp by @brianmay
- consider that key is advanced by 8 bytes if stripHeader is true
  => length is reduced by same amount
  Fixed by adding offset to the check in the loop
- Rewrote loop so that keysize is checked before the next
  iteration (preventing an out of bounds read)
2018-01-27 14:51:40 +01:00
Luis Díaz Más
d3748152a7 add _int suffix to all the internal files 2017-11-28 17:36:08 +01:00