27 lines
915 B
Diff
27 lines
915 B
Diff
From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
|
|
From: Pydera <pydera@mailbox.org>
|
|
Date: Thu, 8 Apr 2021 17:36:16 +0200
|
|
Subject: [PATCH] Fix out of buffer access in #1529
|
|
|
|
---
|
|
src/jp2image.cpp | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
|
|
index 1892fd4..01a21f2 100644
|
|
--- a/src/jp2image.cpp
|
|
+++ b/src/jp2image.cpp
|
|
@@ -737,9 +737,10 @@ namespace Exiv2
|
|
#endif
|
|
box.length = io_->size() - io_->tell() + 8;
|
|
}
|
|
- if (box.length == 1)
|
|
+ if (box.length < 8)
|
|
{
|
|
- // FIXME. Special case. the real box size is given in another place.
|
|
+ // box is broken, so there is nothing we can do here
|
|
+ throw Error(kerCorruptedMetadata);
|
|
}
|
|
|
|
// Read whole box : Box header + Box data (not fixed size - can be null).
|