xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix out of bounds read in isValidBoxFileType()

Browse Source
main
Luis Díaz Más 3 years ago committed by Luis Diaz
parent 3b9fcb4b3d
commit d16ca65b01
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/jp2image_int.cpp
Unescape Escape View File

@ -11,7 +11,7 @@ namespace Exiv2::Internal {
bool isValidBoxFileType(const std::vector<uint8_t>& boxData) { bool isValidBoxFileType(const std::vector<uint8_t>& boxData) {
// BR & MinV are obligatory (4 + 4 bytes). Afterwards we have N compatibility lists (of size 4) // BR & MinV are obligatory (4 + 4 bytes). Afterwards we have N compatibility lists (of size 4)
if ((boxData.size() - 8u) % 4u != 0) { if (boxData.size() < 8 || ((boxData.size() - 8u) % 4u) != 0) {
return false; return false;
} }

5
unitTests/test_jp2image_int.cpp
Unescape Escape View File

@ -58,6 +58,11 @@ TEST(Jp2_FileTypeBox, withInvalidBoxDataSizeIsInvalid) {
ASSERT_FALSE(isValidBoxFileType(boxData)); ASSERT_FALSE(isValidBoxFileType(boxData));
} }
TEST(Jp2_FileTypeBox, withSmallBoxDataSizeIsInvalid) {
std::vector<std::uint8_t> boxData(7); // Minimum size is 8
ASSERT_FALSE(isValidBoxFileType(boxData));
}
TEST(Jp2_FileTypeBox, with2CLs_lastOneWithBrandValue_isValid) { TEST(Jp2_FileTypeBox, with2CLs_lastOneWithBrandValue_isValid) {
std::vector<std::uint8_t> boxData(16); std::vector<std::uint8_t> boxData(16);
// The first 4 bytes correspond to the BR (Brand). It must have the value 'jp2\040' // The first 4 bytes correspond to the BR (Brand). It must have the value 'jp2\040'

Write Preview
Loading…
Cancel
Save