void-packages/srcpkgs/jhead/patches/CVE-2018-16554.patch


From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat Sep 8 16:19:07 CEST 2018
Subject: fix heap buffer overflow
Bug-Debian: https://bugs.debian.org/908176
Description: Fix CVE-2018-16554
--- gpsinfo.c
+++ gpsinfo.c
@@ -162,7 +162,8 @@
break;
case TAG_GPS_ALT:
- sprintf(ImageInfo.GpsAlt + 1, "%.2fm",
+ snprintf(ImageInfo.GpsAlt + 1, sizeof(ImageInfo.GpsAlt) -1,
+ "%.2fm",
ConvertAnyFormat(ValuePtr, Format));
break;
}
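Review bot: The `snprintf` call in the `TAG_GPS_ALT` case discards its return value, so an altitude whose `%.2fm` rendering does not fit is now truncated silently and stored as if it were a valid value. The bound `sizeof(ImageInfo.GpsAlt) -1` matches the `+ 1` write offset only if `GpsAlt` is a char array member; its declaration is outside the hunk, and if it were a pointer the `sizeof` would give the pointer size instead. Consider capturing the result with `int n = snprintf(...);` and treating `n < 0 || (size_t)n >= sizeof(ImageInfo.GpsAlt) - 1` as a malformed tag (clear the field or warn). The enclosing switch starts and ends outside the hunk, so any other cases that format into fixed-size `ImageInfo` fields are worth checking for the same unbounded `sprintf`.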