xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix incorrect loop condition (#1752)

Browse Source
main
Kevin Backhouse 4 years ago committed by Christoph Hasse
parent 5ab3f2b0c5
commit d30c95d07e
4 changed files with 24 additions and 7 deletions
Show Stats Download Patch File Download Diff File

2
src/jp2image.cpp
Unescape Escape View File

@ -655,7 +655,7 @@ static void boxes_check(size_t b,size_t m)
auto p = reinterpret_cast<char*>(boxBuf.pData_); auto p = reinterpret_cast<char*>(boxBuf.pData_);
bool bWroteColor = false ; bool bWroteColor = false ;
while ( count < length || !bWroteColor ) { while ( count < length && !bWroteColor ) {
enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata); enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
auto pSubBox = reinterpret_cast<Jp2BoxHeader*>(p + count); auto pSubBox = reinterpret_cast<Jp2BoxHeader*>(p + count);

BIN
test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
View File

Binary file not shown.

11
tests/bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py
Unescape Escape View File

@ -1,7 +1,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from system_tests import CaseMeta, path from system_tests import CaseMeta, CopyTmpFiles, path
@CopyTmpFiles("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2","$data_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta): class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta):
""" """
@ -10,13 +10,12 @@ class Jp2ImageEncodeJp2HeaderOutOfBoundsRead(metaclass=CaseMeta):
""" """
url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj" url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj"
filename1 = path("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2") filename1 = path("$tmp_path/issue_ghsa_8949_hhfh_j7rj_poc.jp2")
filename2 = path("$data_path/issue_ghsa_8949_hhfh_j7rj_poc.exv") filename2 = path("$tmp_path/issue_ghsa_8949_hhfh_j7rj_poc.exv")
commands = ["$exiv2 in $filename1"] commands = ["$exiv2 in $filename1"]
stdout = [""] stdout = [""]
stderr = [ stderr = [
"""Error: XMP Toolkit error 201: XML parsing failure """Error: XMP Toolkit error 201: XML parsing failure
Warning: Failed to decode XMP metadata. Warning: Failed to decode XMP metadata.
$filename1: Could not write metadata to file: $kerCorruptedMetadata
"""] """]
retval = [1] retval = [0]

18
tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
Unescape Escape View File

@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
@CopyTmpFiles("$data_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
"""
Regression test for the bug described in:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
"""
url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v"
filename = path("$tmp_path/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2")
commands = ["$exiv2 rm $filename"]
stdout = [""]
retval = [0]
compare_stderr = check_no_ASAN_UBSAN_errors
Write Preview
Loading…
Cancel
Save