1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
|
From ed36a4692058f745a06d87bdaf107bc43c7d2359 Mon Sep 17 00:00:00 2001
From: badola <badola@b7c8b350-86e7-0310-a4b4-de8f6a8f16a3>
Date: Thu, 19 Jun 2014 20:28:44 +0000
Subject: [PATCH] #960: Added a Buffer Overflow Fix in INFO tags of
RIFFVIDEO.CPP
git-svn-id: svn://dev.exiv2.org/svn/trunk@3264 b7c8b350-86e7-0310-a4b4-de8f6a8f16a3
---
src/riffvideo.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/riffvideo.cpp b/src/riffvideo.cpp
index 4545bc3..0dcd291 100644
--- a/src/riffvideo.cpp
+++ b/src/riffvideo.cpp
@@ -856,7 +856,7 @@ namespace Exiv2 {
void RiffVideo::infoTagsHandler()
{
- const long bufMinSize = 100;
+ const long bufMinSize = 10000;
DataBuf buf(bufMinSize);
buf.pData_[4] = '\0';
io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@ namespace Exiv2 {
if(infoSize >= 0) {
size -= infoSize;
io_->read(buf.pData_, infoSize);
+ if(infoSize < 4)
+ buf.pData_[infoSize] = '\0';
}
if(tv)
xmpData_[exvGettext(tv->label_)] = buf.pData_;
+ else
+ continue;
}
io_->seek(cur_pos + size_external, BasicIo::beg);
} // RiffVideo::infoTagsHandler
--
2.1.4
|