Package: exiv2 / 0.25-3.1+deb9u1

CVE-2018-11531_2_of_3.patch Patch series | download
From 863aaebc92ff0b0ee3d302b7b5291002c043bc7b Mon Sep 17 00:00:00 2001
From: Luis Diaz Mas <piponazo@gmail.com>
Date: Fri, 25 May 2018 22:16:25 +0200
Subject: [PATCH] Use index to access buf.pData_

(cherry picked from commit 863aaebc92ff0b0ee3d302b7b5291002c043bc7b)
[rcs: Backported to stretch]
---
 src/preview.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- exiv2-stretch.git.orig/src/preview.cpp
+++ exiv2-stretch.git/src/preview.cpp
@@ -806,13 +806,13 @@
                 else {
                     // FIXME: the buffer is probably copied twice, it should be optimized
                     DataBuf buf(size_);
-                    Exiv2::byte* pos = buf.pData_;
+                    uint32_t idxBuf = 0;
                     for (int i = 0; i < sizes.count(); i++) {
                         uint32_t offset = dataValue.toLong(i);
                         uint32_t size = sizes.toLong(i);
                         if (size!=0 && offset + size <= static_cast<uint32_t>(io.size()))
-                            memcpy(pos, base + offset, size);
-                        pos += size;
+                            memcpy(&buf.pData_[idxBuf], base + offset, size);
+                        idxBuf += size;
                     }
                     dataValue.setDataArea(buf.pData_, buf.size_);
                 }