Package: exiv2 / 0.24-4.1

CVE-2014-9449.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
From ed36a4692058f745a06d87bdaf107bc43c7d2359 Mon Sep 17 00:00:00 2001
From: badola <badola@b7c8b350-86e7-0310-a4b4-de8f6a8f16a3>
Date: Thu, 19 Jun 2014 20:28:44 +0000
Subject: [PATCH] #960: Added a Buffer Overflow Fix in INFO tags of
 RIFFVIDEO.CPP

git-svn-id: svn://dev.exiv2.org/svn/trunk@3264 b7c8b350-86e7-0310-a4b4-de8f6a8f16a3
---
 src/riffvideo.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/riffvideo.cpp b/src/riffvideo.cpp
index 4545bc3..0dcd291 100644
--- a/src/riffvideo.cpp
+++ b/src/riffvideo.cpp
@@ -856,7 +856,7 @@ namespace Exiv2 {
 
     void RiffVideo::infoTagsHandler()
     {
-        const long bufMinSize = 100;
+        const long bufMinSize = 10000;
         DataBuf buf(bufMinSize);
         buf.pData_[4] = '\0';
         io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@ namespace Exiv2 {
             if(infoSize >= 0) {
                 size -= infoSize;
                 io_->read(buf.pData_, infoSize);
+                if(infoSize < 4)
+                    buf.pData_[infoSize] = '\0';
             }
 
             if(tv)
                 xmpData_[exvGettext(tv->label_)] = buf.pData_;
+            else
+                continue;
         }
         io_->seek(cur_pos + size_external, BasicIo::beg);
     } // RiffVideo::infoTagsHandler
-- 
2.1.4