From 67ec90bdabf58f62a4719feb3f1350f84c4f3b6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Mon, 3 Sep 2018 21:16:02 +0200 Subject: [PATCH] Fix switch value in BigTiffImage::readData This function extracts a 2, 4 or 8 byte integer from the image and swaps it according to the current setting. However, it was implicitly assuming, that it reads the same amount from the image is is requested. If that is not the case, e.g. if 8 bytes are requested but only 4 are read => result is created via byteSwap8() which reads 8 bytes !but 4 of those are uninitialized! Using the actually read size fixes this problem. --- src/bigtiffimage.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/bigtiffimage.cpp b/src/bigtiffimage.cpp index 2672ba07..e3468bdc 100644 --- a/src/bigtiffimage.cpp +++ b/src/bigtiffimage.cpp @@ -416,13 +416,13 @@ namespace Exiv2 uint64_t result = 0; - if (size == 1) - {} - else if (size == 2) + if (data.size_ == 1) + {} + else if (data.size_ == 2) result = byteSwap2(data, 0, doSwap_); - else if (size == 4) + else if (data.size_ == 4) result = byteSwap4(data, 0, doSwap_); - else if (size == 8) + else if (data.size_ == 8) result = byteSwap8(data, 0, doSwap_); else throw Exiv2::Error(kerCorruptedMetadata);