| From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001 |
| From: Robin Mills <robin@clanmills.com> |
| Date: Mon, 5 Apr 2021 20:33:25 +0100 |
| Subject: [PATCH] fix_1522_jp2image_exif_asan |
| |
| --- |
| src/jp2image.cpp | 9 ++++++--- |
| 1 file changed, 6 insertions(+), 3 deletions(-) |
| |
| diff --git a/src/jp2image.cpp b/src/jp2image.cpp |
| index eb31cea4a..88ab9b2d6 100644 |
| --- a/src/jp2image.cpp |
| +++ b/src/jp2image.cpp |
| @@ -28,6 +28,7 @@ |
| #include "image.hpp" |
| #include "image_int.hpp" |
| #include "basicio.hpp" |
| +#include "enforce.hpp" |
| #include "error.hpp" |
| #include "futils.hpp" |
| #include "types.hpp" |
| @@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m) |
| if (io_->error()) throw Error(kerFailedToReadImageData); |
| if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed); |
| |
| - if (rawData.size_ > 0) |
| + if (rawData.size_ > 8) // "II*\0long" |
| { |
| // Find the position of Exif header in bytes array. |
| long pos = ( (rawData.pData_[0] == rawData.pData_[1]) |
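Review bot: The new threshold in `if (rawData.size_ > 8)` is explained only by the comment `// "II*\0long"`, which a reader has to decode, and the same pair is repeated in the recursive-print guard (`bIsExif && bRecursive && rawData.size_ > 8`) in the last hunk. I would spell it out once, e.g. `// TIFF header is 8 bytes: byte order (2) + magic 42 (2) + IFD0 offset (4)`, and use one named constant at both sites so the two guards cannot drift apart. Note that `> 8` demands at least nine bytes; if a buffer of exactly the header size should be accepted that wants `>= 8`, otherwise the comment should say why one more byte is required. The body of the `if` continues past this hunk, so whether later indexing into `rawData.pData_` is covered by this length check cannot be confirmed from here.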
| @@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m) |
| position = io_->tell(); |
| box.length = getLong((byte*)&box.length, bigEndian); |
| box.type = getLong((byte*)&box.type, bigEndian); |
| + enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata); |
| |
| if (bPrint) { |
| out << Internal::stringFormat("%8ld | %8ld | ", (size_t)(position - sizeof(box)), |
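Review bot: The bound in `enforce(box.length <= io_->size()-io_->tell() , ...)` is measured from the wrong offset. `position = io_->tell()` is taken after the box header was read (the print below reports the box at `position - sizeof(box)`), while `box.length` presumably counts that header too, so a well-formed box ending within `sizeof(box)` bytes of end-of-file would be rejected as corrupted. Comparing against the box start avoids that: `enforce(box.length <= sizeof(box) + io_->size() - io_->tell(), Exiv2::kerCorruptedMetadata);`. The subtraction also mixes the return types of `size()` and `tell()`; if `tell()` is signed and can report failure as a negative value, the difference wraps to a very large unsigned number and the check passes, so `tell()` is worth validating first. Only an upper bound is enforced here: a `box.length` smaller than the header is not rejected in this hunk, and any later `box.length - sizeof(box)` arithmetic (outside the visible lines, so unconfirmed) would underflow.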
| @@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m) |
| throw Error(kerInputDataReadFailed); |
| |
| if (bPrint) { |
| - out << Internal::binaryToString(makeSlice(rawData, 0, 40)); |
| + out << Internal::binaryToString( |
| + makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_)); |
| out.flush(); |
| } |
| lf(out, bLF); |
| |
| - if (bIsExif && bRecursive && rawData.size_ > 0) { |
| + if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long" |
| if ((rawData.pData_[0] == rawData.pData_[1]) && |
| (rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) { |
| BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_)); |
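Review bot: The clamp `rawData.size_>40?40:rawData.size_` inside the `makeSlice` call is hard to scan and leaves the preview width `40` as a bare literal. A named local documents the intent: `const size_t previewLen = rawData.size_ > 40 ? 40 : rawData.size_; // never slice past the end of a short box`, followed by `makeSlice(rawData, 0, previewLen)`. The declared type of `size_` is not visible in this hunk; if it is signed, the conversion to the slice bound should be made explicit rather than left to the call. The surrounding function begins and ends outside the hunk.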