Package: jhead / 1:3.06.0.1-2

02_exif.c Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
From: Ludovic Rousseau <rousseau@debian.org>
Description: Fix crash due to out-of-bounds access
Bug: https://github.com/Matthias-Wandel/jhead/issues/37
Bug-Debian: https://bugs.debian.org/967924, https://bugs.debian.org/967971

Index: jhead-3.06.0.1/exif.c
===================================================================
--- jhead-3.06.0.1.orig/exif.c
+++ jhead-3.06.0.1/exif.c
@@ -26,6 +26,7 @@ typedef struct {
     char * Desc;
 }TagTable_t;
 
+#define min(a, b) ((a)<(b) ? (a) : (b))
 
 //--------------------------------------------------------------------------
 // Table of Jpeg encoding process names
@@ -1066,7 +1067,8 @@ void process_EXIF (unsigned char * ExifS
         printf("Map: %05d- End of exif\n",length-8);
         for (a=0;a<length-8;a+= 10){
             printf("Map: %05d ",a);
-            for (b=0;b<10;b++) printf(" %02x",*(ExifSection+8+a+b));
+            for (b=0;b<min(10, length-8-a);b++)
+				printf(" %02x",*(ExifSection+8+a+b));
             printf("\n");
         }
     }