Blame - meta-openembedded/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29458.patch - openbmc/openbmc

blob: 285f6fe4ced01b6a8fbfb317f5409f18cebad44c [file] [log] [blame]

William A. Kennington III	b95905d	2021-06-02 12:40:56 -0700	[diff] [blame]	1	From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
				2	From: Kevin Backhouse <kevinbackhouse@github.com>
				3	Date: Fri, 9 Apr 2021 13:37:48 +0100
				4	Subject: [PATCH] Fix integer overflow.
				5	---
				6	src/crwimage_int.cpp \| 8 ++++++--
				7	1 file changed, 6 insertions(+), 2 deletions(-)
				8
				9	diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
				10	index aefaf22..2e3e507 100644
				11	--- a/src/crwimage_int.cpp
				12	+++ b/src/crwimage_int.cpp
				13	@@ -559,7 +559,7 @@ namespace Exiv2 {
				14	void CiffComponent::setValue(DataBuf buf)
				15	{
				16	if (isAllocated_) {
				17	- delete pData_;
				18	+ delete[] pData_;
				19	pData_ = 0;
				20	size_ = 0;
				21	}
				22	@@ -1167,7 +1167,11 @@ namespace Exiv2 {
				23	pCrwMapping->crwDir_);
				24	if (edX != edEnd \|\| edY != edEnd \|\| edO != edEnd) {
				25	uint32_t size = 28;
				26	- if (cc && cc->size() > size) size = cc->size();
				27	+ if (cc) {
				28	+ if (cc->size() < size)
				29	+ throw Error(kerCorruptedMetadata);
				30	+ size = cc->size();
				31	+ }
				32	DataBuf buf(size);
				33	std::memset(buf.pData_, 0x0, buf.size_);
				34	if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
				35	--
				36	2.25.1
				37