Prevent infinite recursion
This commit is contained in:
parent
f18224aa48
commit
eab3779160
70
libexif-0.6.12-recurse.patch
Normal file
70
libexif-0.6.12-recurse.patch
Normal file
@ -0,0 +1,70 @@
|
||||
--- libexif-0.6.12/libexif/exif-data.c.recurse 2005-05-06 13:35:17.610294000 -0400
|
||||
+++ libexif-0.6.12/libexif/exif-data.c 2005-05-06 13:37:35.112654000 -0400
|
||||
@@ -284,9 +284,10 @@
|
||||
}
|
||||
|
||||
static void
|
||||
-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
|
||||
- const unsigned char *d,
|
||||
- unsigned int ds, unsigned int offset)
|
||||
+exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
|
||||
+ const unsigned char *d,
|
||||
+ unsigned int ds, unsigned int offset,
|
||||
+ unsigned int level)
|
||||
{
|
||||
ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
|
||||
ExifShort n;
|
||||
@@ -296,6 +297,13 @@
|
||||
|
||||
if (!data || !data->priv) return;
|
||||
|
||||
+ if (level > 150)
|
||||
+ {
|
||||
+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
|
||||
+ "Deep recursion in exif_data_load_data_content");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
/* Read the number of entries */
|
||||
if (offset >= ds - 1) return;
|
||||
n = exif_get_short (d + offset, data->priv->order);
|
||||
@@ -320,18 +328,18 @@
|
||||
switch (tag) {
|
||||
case EXIF_TAG_EXIF_IFD_POINTER:
|
||||
CHECK_REC (EXIF_IFD_EXIF);
|
||||
- exif_data_load_data_content (data,
|
||||
- data->ifd[EXIF_IFD_EXIF], d, ds, o);
|
||||
+ exif_data_load_data_content_recurse (data,
|
||||
+ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
|
||||
break;
|
||||
case EXIF_TAG_GPS_INFO_IFD_POINTER:
|
||||
CHECK_REC (EXIF_IFD_GPS);
|
||||
- exif_data_load_data_content (data,
|
||||
- data->ifd[EXIF_IFD_GPS], d, ds, o);
|
||||
+ exif_data_load_data_content_recurse (data,
|
||||
+ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
|
||||
break;
|
||||
case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
|
||||
CHECK_REC (EXIF_IFD_INTEROPERABILITY);
|
||||
- exif_data_load_data_content (data,
|
||||
- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
|
||||
+ exif_data_load_data_content_recurse (data,
|
||||
+ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
|
||||
break;
|
||||
case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
|
||||
thumbnail_offset = o;
|
||||
@@ -373,6 +381,14 @@
|
||||
}
|
||||
|
||||
static void
|
||||
+exif_data_load_data_content (ExifData *data, ExifContent *ifd,
|
||||
+ const unsigned char *d,
|
||||
+ unsigned int ds, unsigned int offset)
|
||||
+{
|
||||
+ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
exif_data_save_data_content (ExifData *data, ExifContent *ifd,
|
||||
unsigned char **d, unsigned int *ds,
|
||||
unsigned int offset)
|
@ -11,6 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
|
||||
Patch0: libexif-0.6.12-gcc4.patch
|
||||
# fixed in libexif CVS
|
||||
Patch1: libexif-0.6.12-odd.patch
|
||||
Patch2: libexif-0.6.12-recurse.patch
|
||||
|
||||
%description
|
||||
Most digital cameras produce EXIF files, which are JPEG files with
|
||||
@ -30,6 +31,7 @@ for writing programs that use libexif.
|
||||
%setup -q
|
||||
%patch0 -p1 -b .gcc4
|
||||
%patch1 -p1 -b .odd
|
||||
%patch2 -p1 -b .recurse
|
||||
|
||||
%build
|
||||
%configure
|
||||
@ -61,6 +63,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/pkgconfig/libexif.pc
|
||||
|
||||
%changelog
|
||||
* Fri May 6 2005 Matthias Clasen <mclasen@redhat.com>
|
||||
- Prevent infinite recursion (#156365)
|
||||
|
||||
* Sun Apr 24 2005 Matthias Clasen <mclasen@redhat.com>
|
||||
- Fix MakerNote handling (#153282)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user