compat-exiv2-026/exiv2-CVE-2021-31291.patch
2023-02-27 12:30:00 -05:00

27 lines
915 B
Diff

From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
From: Pydera <pydera@mailbox.org>
Date: Thu, 8 Apr 2021 17:36:16 +0200
Subject: [PATCH] Fix out of buffer access in #1529
---
src/jp2image.cpp | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 1892fd4..01a21f2 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -737,9 +737,10 @@ namespace Exiv2
#endif
box.length = io_->size() - io_->tell() + 8;
}
- if (box.length == 1)
+ if (box.length < 8)
{
- // FIXME. Special case. the real box size is given in another place.
+ // box is broken, so there is nothing we can do here
+ throw Error(kerCorruptedMetadata);
}
// Read whole box : Box header + Box data (not fixed size - can be null).