- Add libexif-0.5.12-buffer-overflow.patch

libexif-0.5.12-buffer-overflow.patch

@@ -0,0 +1,30 @@
+--- libexif-0.5.12/libexif/exif-data.c.buffer-overflow	2005-03-08 05:24:31.000000000 -0500
++++ libexif-0.5.12/libexif/exif-data.c	2005-03-08 05:26:30.000000000 -0500
+@@ -551,7 +551,7 @@
+ #endif
+ 
+ 	/* Byte order (offset 6, length 2) */
+-	if (size < 12)
++	if (size < 14)
+ 		return;
+ 	if (!memcmp (d + 6, "II", 2))
+ 		data->priv->order = EXIF_BYTE_ORDER_INTEL;
+@@ -570,12 +570,18 @@
+ 	printf ("IFD 0 at %i.\n", (int) offset);
+ #endif
+ 
++	if (ds < 6 + 4 + offset)
++		return;
++
+ 	/* Parse the actual exif data (offset 14) */
+ 	exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
+ 				     size - 6, offset);
+ 
+ 	/* IFD 1 offset */
+ 	n = exif_get_short (d + 6 + offset, data->priv->order);
++	if (ds < 6 + offset + 2 + 12 * n + 4)
++		return;
++
+ 	offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
+ 	if (offset) {
+ #ifdef DEBUG

libexif.spec

@@ -8,6 +8,8 @@ URL: http://libexif.sourceforge.net/
 Source0: http://umn.dl.sourceforge.net/sourceforge/libexif/%{name}-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 
+Patch0: libexif-0.5.12-buffer-overflow.patch 
+
 %description
 Most digital cameras produce EXIF files, which are JPEG files with
 extra tags that contain information about the image. The EXIF library
@@ -25,6 +27,8 @@ for writing programs that use libexif.
 %prep
 %setup -q
 
+%patch0 -p1 -b .buffer-overflow
+
 %build
 %configure
 make %{?_smp_mflags}
@@ -55,6 +59,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Tue Mar  8 2005 Marco Pesenti Gritti <mpg@redhat.com>
+- Add libexif-0.5.12-buffer-overflow.patch 
+
 * Wed Mar  2 2005 Matthias Clasen <mclasen@redhat.com> 
 - Rebuild with gcc4