From 64e05c0a7a75cfc9b53140e93d29fec2d8adb901 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Walenciak?=
Date: Wed, 4 Oct 2017 22:46:20 +0200
Subject: [PATCH 1/4] improving fixes for #55 and #56
---
src/bigtiffimage.cpp | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/bigtiffimage.cpp b/src/bigtiffimage.cpp
index b1dcd27a..ce1efb6c 100644
--- a/src/bigtiffimage.cpp
+++ b/src/bigtiffimage.cpp
@@ -226,13 +226,24 @@ namespace Exiv2
 : is8ByteType(type) ? 8 : 1;
- // #55 memory allocation crash test/data/POC8
- long long allocate = (long long) size*count + pad;
- if ( allocate > (long long) io.size() ) {
- throw Error(57);
- }
+ // #55 and #56 memory allocation crash test/data/POC8
- DataBuf buf((long)allocate);
+ // size * count > std::numeric_limits::max()
+ // =>
+ // size > std::numeric_limits::max() / count
+ if (size > std::numeric_limits::max() / count)
+ throw Error(57); // we got number bigger than 2^64
+ // more than we can handle
+
+ if (size * count > std::numeric_limits::max() - pad)
+ throw Error(57); // again more than 2^64
+
+ const uint64_t allocate = size*count + pad;
+ if ( allocate > io.size() ) {
+ throw Error(57);
+ }
+
+ DataBuf buf(allocate);
 const uint64_t offset = header_.format() == Header::StandardTiff? byteSwap4(data, 0, doSwap_):
From b1a5d615c56a79111ab624f0dd7b7301750bc542 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Walenciak?=
Date: Wed, 4 Oct 2017 22:46:43 +0200
Subject: [PATCH 2/4] removing debug message
---
src/bigtiffimage.cpp | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/bigtiffimage.cpp b/src/bigtiffimage.cpp
index ce1efb6c..d45a7abb 100644
--- a/src/bigtiffimage.cpp
+++ b/src/bigtiffimage.cpp
@@ -324,7 +324,6 @@ namespace Exiv2
 byteSwap8(buf, k*size, doSwap_): byteSwap4(buf, k*size, doSwap_);
- std::cerr << "tag = " << Internal::stringFormat("%#x",tag) << std::endl;
 printIFD(out, option, ifdOffset, depth);
 io.seek(restore, BasicIo::beg);
 }
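Review bot: In the `@@ -226,13 +226,24 @@` hunk of patch 1/4, the new guard `if (size > std::numeric_limits<uint64_t>::max() / count)` divides by `count` before anything in the hunk rules out zero. `count` is defined outside the hunk but appears to be read from the parsed directory entry, so a file carrying a zero count would turn the overflow check itself into a division-by-zero crash; writing it as `if (count != 0 && size > std::numeric_limits<uint64_t>::max() / count)` keeps the check and removes the trap. Separately, `DataBuf buf(allocate)` now passes a `uint64_t` where the removed line cast to `long`, so if the constructor still takes `long` the value can narrow silently on targets with a 32-bit `long`; an explicit upper-bound check before the call would make that limit visible. The enclosing function starts and ends outside the hunk.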
From 2402a693fde6e58d294c029befa8d7fa831a8ac7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Walenciak?=
Date: Fri, 6 Oct 2017 11:27:46 +0200
Subject: [PATCH 3/4] adding missing include for numeric_limits
---
src/bigtiffimage.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/bigtiffimage.cpp b/src/bigtiffimage.cpp
index d45a7abb..4b5e3239 100644
--- a/src/bigtiffimage.cpp
+++ b/src/bigtiffimage.cpp
@@ -2,6 +2,7 @@
 #include "bigtiffimage.hpp"
 #include
+#include
 #include "exif.hpp"
 #include "image_int.hpp"
From 2e535d8a27acbcd8aca6fdcfaa22d9213dae43bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Walenciak?=
Date: Sat, 7 Oct 2017 08:57:27 +0200
Subject: [PATCH 4/4] trying to fix windows build
---
include/exiv2/config.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/exiv2/config.h b/include/exiv2/config.h
index 2e857b49..e8034a22 100644
--- a/include/exiv2/config.h
+++ b/include/exiv2/config.h
@@ -81,6 +81,8 @@ typedef int pid_t;
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
+
+#define NOMINMAX
 #include
 #endif // _MSC_VER
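Review bot: In patch 4/4, `#define NOMINMAX` is added without a guard, unlike the `WIN32_LEAN_AND_MEAN` block directly above it in the same hunk. Because `include/exiv2/config.h` sits under the public include directory, a consumer that already defines NOMINMAX on the compiler command line would probably get a macro-redefinition warning; wrapping it as `#ifndef NOMINMAX` / `#define NOMINMAX` / `#endif` matches the neighbouring pattern. A one-line comment such as `// stop the Windows headers defining min/max macros, which break std::numeric_limits<T>::max()` would also record why the define is needed, since the commit message only says it is an attempt to fix the build.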