void-packages/srcpkgs/jhead/patches/CVE-2018-17088.patch

27 lines
923 B
Diff

From: Ludovic Rousseau <rousseau@debian.org>
Date: Wed Sep 5 15:32:00 CEST 2018
Subject: Fix heap buffer overflow
Bug-Debian: http://bugs.debian.org/907925
Description: Fix CVE-2018-17088
--- gpsinfo.c
+++ gpsinfo.c
@@ -4,6 +4,7 @@
// Matthias Wandel, Dec 1999 - Dec 2002
//--------------------------------------------------------------------------
#include "jhead.h"
+#include <stdint.h>
#define MAX_GPS_TAG 0x1e
@@ -101,7 +102,7 @@
unsigned OffsetVal;
OffsetVal = Get32u(DirEntry+8);
// If its bigger than 4 bytes, the dir entry contains an offset.
- if (OffsetVal+ByteCount > ExifLength){
+ if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
// Bogus pointer offset and / or bytecount value
ErrNonfatal("Illegal value pointer for Exif gps tag %04x", Tag,0);
continue;