Prevent infinite recursion

2005-05-06 18:29:45 +00:00 · 2005-05-06 18:29:45 +00:00 · eab3779160
commit eab3779160
parent f18224aa48
2 changed files with 75 additions and 0 deletions
--- a/libexif-0.6.12-recurse.patch
+++ b/libexif-0.6.12-recurse.patch
@ -0,0 +1,70 @@
+--- libexif-0.6.12/libexif/exif-data.c.recurse	2005-05-06 13:35:17.610294000 -0400
+++ libexif-0.6.12/libexif/exif-data.c	2005-05-06 13:37:35.112654000 -0400
+@@ -284,9 +284,10 @@
+ }
+ 
+ static void
+-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+-			     const unsigned char *d,
+-			     unsigned int ds, unsigned int offset)
+exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
+				     const unsigned char *d,
+				     unsigned int ds, unsigned int offset,
+				     unsigned int level)
+ {
+ 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ 	ExifShort n;
+@@ -296,6 +297,13 @@
+ 
+ 	if (!data || !data->priv) return;
+ 
+	if (level > 150)
+	  {
+	    exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+		      "Deep recursion in exif_data_load_data_content");
+	    return 0;
+	  }
+
+ 	/* Read the number of entries */
+ 	if (offset >= ds - 1) return;
+ 	n = exif_get_short (d + offset, data->priv->order);
+@@ -320,18 +328,18 @@
+ 			switch (tag) {
+ 			case EXIF_TAG_EXIF_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_EXIF);
+-				exif_data_load_data_content (data,
+-					data->ifd[EXIF_IFD_EXIF], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
+ 				break;
+ 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_GPS);
+-				exif_data_load_data_content (data,
+-					data->ifd[EXIF_IFD_GPS], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
+ 				break;
+ 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+-				exif_data_load_data_content (data,
+-					data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
+				exif_data_load_data_content_recurse (data,
+					data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
+ 				break;
+ 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ 				thumbnail_offset = o;
+@@ -373,6 +381,14 @@
+ }
+ 
+ static void
+exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+			     const unsigned char *d,
+			     unsigned int ds, unsigned int offset)
+{
+  exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
+}
+
+static void
+ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
+ 			     unsigned char **d, unsigned int *ds,
+ 			     unsigned int offset)
--- a/libexif.spec
+++ b/libexif.spec
@ -11,6 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 Patch0: libexif-0.6.12-gcc4.patch
 # fixed in libexif CVS
 Patch1: libexif-0.6.12-odd.patch
+Patch2: libexif-0.6.12-recurse.patch

 %description
 Most digital cameras produce EXIF files, which are JPEG files with
@ -30,6 +31,7 @@ for writing programs that use libexif.
 %setup -q
 %patch0 -p1 -b .gcc4
 %patch1 -p1 -b .odd
+%patch2 -p1 -b .recurse

 %build
 %configure
@ -61,6 +63,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexif.pc

 %changelog
+* Fri May  6 2005 Matthias Clasen <mclasen@redhat.com>
+- Prevent infinite recursion (#156365)
+
 * Sun Apr 24 2005 Matthias Clasen <mclasen@redhat.com>
 - Fix MakerNote handling (#153282)