xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: #862 buffer overflow. See bug report discussion item#19.

Browse Source
v0.27.3
Robin Mills 13 years ago
parent 63d14edeb7
commit 6d88d2b78b
4 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File

2
src/matroskavideo.cpp
Unescape Escape View File

@ -562,7 +562,7 @@ namespace Exiv2 {
return;
}
DataBuf buf2(bufMinSize);
DataBuf buf2(bufMinSize+1);
std::memset(buf2.pData_, 0x0, buf2.size_);
long s = static_cast<long>(size) ;
io_->read(buf2.pData_,s);

10
src/quicktimevideo.cpp
Unescape Escape View File

@ -650,7 +650,7 @@ namespace Exiv2 {
void QuickTimeVideo::decodeBlock()
{
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf(bufMinSize+1);
unsigned long size = 0;
buf.pData_[4] = '\0' ;
@ -946,7 +946,7 @@ namespace Exiv2 {
void QuickTimeVideo::NikonTagsDecoder(unsigned long size_external)
{
uint64_t cur_pos = io_->tell();
DataBuf buf(100), buf2(4);
DataBuf buf(100), buf2(4+1);
unsigned long TagID = 0;
unsigned short dataLength = 0, dataType = 2;
const TagDetails* td, *td2;
@ -1102,7 +1102,7 @@ namespace Exiv2 {
void QuickTimeVideo::setMediaStream()
{
uint64_t current_position = io_->tell();
DataBuf buf(4);
DataBuf buf(4+1);
while(!io_->eof()) {
io_->read(buf.pData_, 4);
@ -1128,7 +1128,7 @@ namespace Exiv2 {
void QuickTimeVideo::timeToSampleDecoder()
{
DataBuf buf(4);
DataBuf buf(4+1);
io_->read(buf.pData_, 4);
io_->read(buf.pData_, 4);
uint64_t noOfEntries, totalframes = 0, timeOfFrames = 0;
@ -1254,7 +1254,7 @@ namespace Exiv2 {
void QuickTimeVideo::multipleEntriesDecoder()
{
DataBuf buf(4);
DataBuf buf(4+1);
io_->read(buf.pData_, 4);
io_->read(buf.pData_, 4);
uint64_t noOfEntries;

18
src/riffvideo.cpp
Unescape Escape View File

@ -536,7 +536,7 @@ namespace Exiv2 {
xmpData_["Xmp.video.MimeType"] = mimeType();
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf(bufMinSize+1);
buf.pData_[4] = '\0';
io_->read(buf.pData_, bufMinSize);
@ -552,8 +552,8 @@ namespace Exiv2 {
void RiffVideo::decodeBlock()
{
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf2(bufMinSize);
DataBuf buf(bufMinSize+1);
DataBuf buf2(bufMinSize+1);
unsigned long size = 0;
buf.pData_[4] = '\0' ;
buf2.pData_[4] = '\0' ;
@ -719,7 +719,7 @@ namespace Exiv2 {
void RiffVideo::skipListData()
{
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf(bufMinSize+1);
buf.pData_[4] = '\0';
io_->seek(-12, BasicIo::cur);
io_->read(buf.pData_, 4);
@ -732,7 +732,7 @@ namespace Exiv2 {
void RiffVideo::nikonTagsHandler()
{
const long bufMinSize = 100;
DataBuf buf(bufMinSize), buf2(4);
DataBuf buf(bufMinSize), buf2(4+1);
buf.pData_[4] = '\0';
io_->seek(-12, BasicIo::cur);
io_->read(buf.pData_, 4);
@ -859,7 +859,7 @@ namespace Exiv2 {
void RiffVideo::junkHandler(long size)
{
const long bufMinSize = size;
DataBuf buf(bufMinSize), buf2(4);
DataBuf buf(bufMinSize+1), buf2(4+1);
std::memset(buf.pData_, 0x0, buf.size_);
buf2.pData_[4] = '\0';
uint64_t cur_pos = io_->tell();
@ -928,7 +928,7 @@ namespace Exiv2 {
void RiffVideo::aviHeaderTagsHandler(long size)
{
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf(bufMinSize+1);
buf.pData_[4] = '\0';
long width = 0, height = 0, frame_count = 0;
double frame_rate = 1;
@ -974,7 +974,7 @@ namespace Exiv2 {
void RiffVideo::streamHandler(long size)
{
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf(bufMinSize+1);
buf.pData_[4]='\0';
long divisor = 1;
uint64_t cur_pos = io_->tell();
@ -1038,7 +1038,7 @@ namespace Exiv2 {
void RiffVideo::streamFormatHandler(long size)
{
const long bufMinSize = 4;
DataBuf buf(bufMinSize);
DataBuf buf(bufMinSize+1);
buf.pData_[4] = '\0';
uint64_t cur_pos = io_->tell();

3
test/video-test.sh
Unescape Escape View File

@ -9,6 +9,9 @@
# ----------------------------------------------------------------------
# Setup
export LC_ALL=C
if [ `uname -o` == Cygwin ]; then
export "PATH=$PWD/../msvc:$PATH"
fi
cd tmp/
if [ -z "$EXIV2_BINDIR" ] ; then
bin="$VALGRIND ../../bin"

Write Preview
Loading…
Cancel
Save