50 lines
1.7 KiB
Diff
50 lines
1.7 KiB
Diff
From 0a91b56616404f7b29ca28deb01ce18b767d1871 Mon Sep 17 00:00:00 2001
|
|
From: Kevin Backhouse <kevinbackhouse@github.com>
|
|
Date: Fri, 9 Apr 2021 13:26:23 +0100
|
|
Subject: [PATCH 1/5] Fix incorrect delete.
|
|
|
|
---
|
|
src/crwimage_int.cpp | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
|
|
index a44a67e2c..6f89fa8b8 100644
|
|
--- a/src/crwimage_int.cpp
|
|
+++ b/src/crwimage_int.cpp
|
|
@@ -579,7 +579,7 @@ namespace Exiv2 {
|
|
void CiffComponent::setValue(DataBuf buf)
|
|
{
|
|
if (isAllocated_) {
|
|
- delete pData_;
|
|
+ delete[] pData_;
|
|
pData_ = 0;
|
|
size_ = 0;
|
|
}
|
|
|
|
From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
|
|
From: Kevin Backhouse <kevinbackhouse@github.com>
|
|
Date: Fri, 9 Apr 2021 13:37:48 +0100
|
|
Subject: [PATCH 3/5] Fix integer overflow.
|
|
|
|
---
|
|
src/crwimage_int.cpp | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
|
|
index 6f89fa8b8..7b958c26f 100644
|
|
--- a/src/crwimage_int.cpp
|
|
+++ b/src/crwimage_int.cpp
|
|
@@ -1187,7 +1187,11 @@ namespace Exiv2 {
|
|
pCrwMapping->crwDir_);
|
|
if (edX != edEnd || edY != edEnd || edO != edEnd) {
|
|
uint32_t size = 28;
|
|
- if (cc && cc->size() > size) size = cc->size();
|
|
+ if (cc) {
|
|
+ if (cc->size() < size)
|
|
+ throw Error(kerCorruptedMetadata);
|
|
+ size = cc->size();
|
|
+ }
|
|
DataBuf buf(size);
|
|
std::memset(buf.pData_, 0x0, buf.size_);
|
|
if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
|