From baf1969ec70a45b09aae89cd127f07985ccb976c Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Sat, 22 Oct 2022 15:54:20 +0100
Subject: [PATCH 1/2] Regression test for https://github.com/Exiv2/exiv2/issues/2383

---
 test/data/issue_2383_poc.mp4 | Bin 0 -> 101 bytes
 tests/bugfixes/github/test_issue_2383.py | 13 +++++++++++++
 .../regression_tests/test_regression_allfiles.py | 1 +
 3 files changed, 14 insertions(+)
 create mode 100644 test/data/issue_2383_poc.mp4
 create mode 100644 tests/bugfixes/github/test_issue_2383.py

diff --git a/test/data/issue_2383_poc.mp4 b/test/data/issue_2383_poc.mp4
new file mode 100644
index 0000000000000000000000000000000000000000..4c7f7bc931dce130c9ddcd80c712708fdfc4bab9
GIT binary patch literal 101 pcmZQzV30^FsVpcgQBe2~gfPIsz~CF2Qj!Ry6`XUO@?qj+(EtNK5jy|? literal 0 HcmV?d00001

diff --git a/tests/bugfixes/github/test_issue_2383.py b/tests/bugfixes/github/test_issue_2383.py
new file mode 100644
index 00000000..f71f5198
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_2383.py
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, check_no_ASAN_UBSAN_errors
+
+class issue_2383_QuickTimeVideo_userDataDecoder_null_deref(metaclass=CaseMeta):
+    url = "https://github.com/Exiv2/exiv2/issues/2383"
+    filename = "$data_path/issue_2383_poc.mp4"
+    commands = ["$exiv2 $filename"]
+    retval = [1]
+    stderr = ["""$exiv2_exception_message $filename:
+$kerCorruptedMetadata
+"""]
+    stdout = [""]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index d4fb53b9..eacca4f8 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -63,6 +63,7 @@ def get_valid_files(data_dir):
         "issue_2366_poc.mp4",
         "issue_2376_poc.mp4",
         "issue_2377_poc.mp4",
+        "issue_2383_poc.mp4",
         "2018-01-09-exiv2-crash-001.tiff",
         "cve_2017_1000126_stack-oob-read.webp",
         "exiv2-bug1247.jpg",
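Review bot: `check_no_ASAN_UBSAN_errors` is imported on the third line of tests/bugfixes/github/test_issue_2383.py but never used, because the class pins `stderr` to the exact `$kerCorruptedMetadata` message. Either trim the import to `from system_tests import CaseMeta`, or, if sanitizer builds are expected to add noise to stderr for this input, switch to `compare_stderr = check_no_ASAN_UBSAN_errors` instead of the exact list. The exact-match form is the stronger regression check for a null-dereference fix, so dropping the unused name is the better choice.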
From 6bb956ad808590ce2321b9ddf6772974da27c4ca Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Sat, 22 Oct 2022 15:55:02 +0100
Subject: [PATCH 2/2] Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382

Avoid null pointer deref.
---
 src/quicktimevideo.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
index b3f41373..011b3c29 100644
--- a/src/quicktimevideo.cpp
+++ b/src/quicktimevideo.cpp
@@ -834,6 +834,7 @@ void QuickTimeVideo::userDataDecoder(size_t size_external) {
     }
 
     else if (equalsQTimeTag(buf, "CMbo") || equalsQTimeTag(buf, "Cmbo")) {
+      enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);
       io_->readOrThrow(buf.data(), 2);
       buf.data()[2] = '\0';
       tv_internal = find(cameraByteOrderTags, Exiv2::toString(buf.data()));
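Review bot: The added `enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);` guards a dereference of `tv` that is not visible in the hunk (neither the assignment of `tv` nor the rest of the CMbo/Cmbo branch is shown, and userDataDecoder continues outside it), so the line deserves a why-comment for the next reader, e.g. `// tv may be nullptr for this atom (presumably a failed tag lookup); it is dereferenced later in this branch`. Writing it as `enforce(tv != nullptr, Exiv2::ErrorCode::kerCorruptedMetadata);` would also make the null test explicit rather than relying on the pointer-to-bool conversion. Placing the check ahead of `io_->readOrThrow` is the right order: the corrupt atom is rejected before more input is consumed, which matches the `$kerCorruptedMetadata` / exit status 1 the regression test in 1/2 pins.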