xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use safe add to prevent overflow

Browse Source 
Co-authored-by: Kevin Backhouse <kevinbackhouse@github.com>

Use safe add to prevent overflow

Co-authored-by: Kevin Backhouse <kevinbackhouse@github.com>
main
Miloš Komarčević 3 years ago committed by Miloš Komarčević
parent 23cdcc48d7
commit a58e52ed70
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
src/bmffimage.cpp
Unescape Escape View File

@ -516,8 +516,8 @@ uint64_t BmffImage::boxHandler(std::ostream& out /* = std::cout*/, Exiv2::PrintS
DataBuf arr; DataBuf arr;
brotliUncompress(data.c_data(4), data.size() - 4, arr); brotliUncompress(data.c_data(4), data.size() - 4, arr);
if (realType == TAG_exif) { if (realType == TAG_exif) {
uint32_t offset = arr.read_uint32(0, endian_) + 4; uint32_t offset = Safe::add(arr.read_uint32(0, endian_), 4u);
enforce(offset + 4 < arr.size(), Exiv2::ErrorCode::kerCorruptedMetadata); enforce(Safe::add(offset, 4u) < arr.size(), Exiv2::ErrorCode::kerCorruptedMetadata);
Internal::TiffParserWorker::decode(exifData(), iptcData(), xmpData(), arr.c_data(offset), arr.size() - offset, Internal::TiffParserWorker::decode(exifData(), iptcData(), xmpData(), arr.c_data(offset), arr.size() - offset,
Internal::Tag::root, Internal::TiffMapping::findDecoder); Internal::Tag::root, Internal::TiffMapping::findDecoder);
} else if (realType == TAG_xml) { } else if (realType == TAG_xml) {

Write Preview
Loading…
Cancel
Save