fix an integer overflow

This commit is contained in:
Matthias Clasen 2007-05-24 17:32:17 +00:00
parent 56cb56da1e
commit 8ec50f0e12
2 changed files with 28 additions and 1 deletions

View File

@ -0,0 +1,22 @@
Patch to prevent integer overflow that might result in out-of-bound
write in memcpy() #240055
Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -p -r1.89 -r1.90
--- libexif/exif-data.c 9 May 2007 06:09:05 -0000 1.89
+++ libexif/exif-data.c 10 May 2007 14:32:01 -0000 1.90
@@ -179,7 +179,9 @@ exif_data_load_data_entry (ExifData *dat
else
doff = offset + 8;
- /* Sanity check */
+ /* Sanity checks */
+ if ((doff + s < doff) || (doff + s < s))
+ return 0;
if (size < doff + s)
return 0;

View File

@ -1,13 +1,14 @@
Summary: Library for extracting extra information from image files
Name: libexif
Version: 0.6.13
Release: 3%{?dist}
Release: 4%{?dist}
Group: System Environment/Libraries
License: LGPL
URL: http://libexif.sourceforge.net/
Source0: libexif-%{version}.tar.bz2
Source1: libexif-docs.tar.gz
Patch0: libexif-0.6.13-dont-build-docs.patch
Patch1: libexif-integer-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: doxygen
@ -32,6 +33,7 @@ for writing programs that use libexif.
# and neuter make all in the docs dir
tar xzf %{SOURCE1}
%patch0 -p1 -b .dont-build-docs
%patch1 -p0 -b .integer-overflow
%build
%configure --disable-static --disable-docs
@ -67,6 +69,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/libexif.pc
%changelog
* Thu May 24 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-4
- Add patch for CVE-2007-2645.
* Sun Feb 4 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.13-3
- Package review cleanups
- Avoid multilib conflicts by using pregenerated docs