rpms/libexif
7
0
Fork 0
Code Issues Pull Requests Releases Activity
8f4c75d446
libexif/fixed-2-unsigned-integer-underflows.patch
Jan Grulich 8f4c75d446 Backport several CVE fixes 
It fixes CVE-2026-40386 and CVE-2026-40385.

Resolves: RHEL-170254, RHEL-170235
2026-05-07 08:22:21 +00:00

42 lines
1.6 KiB
Diff
Raw Blame History

From dc6eac6e9655d14d0779d99e82d0f5f442d2f34b Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Thu, 2 Apr 2026 13:26:31 +0200
Subject: [PATCH] fixed 2 unsigned integer underflows
this could cause crashes or data leaks.
Reported-by: Kerwin <kerwinxia66001@gmail.com>
---
libexif/fuji/exif-mnote-data-fuji.c | 2 +-
libexif/olympus/exif-mnote-data-olympus.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index c28c541..2dcb877 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -70,7 +70,7 @@ exif_mnote_data_fuji_get_value (ExifMnoteData *d, unsigned int i, char *val, uns
ExifMnoteDataFuji *n = (ExifMnoteDataFuji *) d;
if (!d || !val) return NULL;
- if (i > n->count -1) return NULL;
+ if (i >= n->count) return NULL;
/*
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataFuji",
"Querying value for tag '%s'...",
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index a57af17..428f365 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -78,7 +78,7 @@ exif_mnote_data_olympus_get_value (ExifMnoteData *d, unsigned int i, char *val,
ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) d;
if (!d || !val) return NULL;
- if (i > n->count -1) return NULL;
+ if (i >= n->count) return NULL;
/*
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Querying value for tag '%s'...",
--
2.53.0
Reference in New Issue View Git Blame Copy Permalink