Diffstat (limited to 'meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch')
-rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch | 26 |
1 files changed, 26 insertions, 0 deletions
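diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
new file mode 100644
index 000000000..e5d069487
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29457.patch
@@ -0,0 +1,26 @@
+From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
+From: Pydera <pydera@mailbox.org>
+Date: Thu, 8 Apr 2021 17:36:16 +0200
+Subject: [PATCH] Fix out of buffer access in #1529
+
+---
+src/jp2image.cpp | 5 +++--
+1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 88ab9b2d6..12025f966 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
+#endif
+box.length = (uint32_t) (io_->size() - io_->tell() + 8);
+}
+- if (box.length == 1)
++ if (box.length < 8)
+{
+- // FIXME. Special case. the real box size is given in another place.
++ // box is broken, so there is nothing we can do here
++ throw Error(kerCorruptedMetadata);
+}
+
+// Read whole box : Box header + Box data (not fixed size - can be null).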
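Review bot: The patch header has no `Upstream-Status:` or `CVE:` line between the Subject and the `---` separator, so the backport's origin and the CVE it closes are recorded only in the file name. Adding `CVE: CVE-2021-29457`, `Upstream-Status: Backport [<upstream commit URL>]` and a Signed-off-by would let a later audit tie it to commit 13e5a3e02339. In the jp2image.cpp hunk, the new `box.length < 8` guard also rejects `box.length == 1`, which the removed FIXME described as a special case whose real size is given elsewhere, so such files now fail with kerCorruptedMetadata. A comment such as `// length 1 (size stored elsewhere) is unsupported and rejected as corrupt` would mark that as intentional. The guard is a lower bound only, and the enclosing function starts and ends outside the hunk, so whether box.length is also checked against the bytes remaining in io_ before the whole-box read should be confirmed.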