From e07c3771daeea18ba68bf05cf7e37b5c967997c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?=
Date: Sun, 27 Feb 2022 12:42:08 +0100
Subject: [PATCH] Fix more issues found by fuzzer
---
 src/bmffimage.cpp | 4 ++--
 src/pngimage.cpp | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/bmffimage.cpp b/src/bmffimage.cpp
index 41fb8d82..b361cffc 100644
--- a/src/bmffimage.cpp
+++ b/src/bmffimage.cpp
@@ -303,8 +303,8 @@ namespace Exiv2
 std::string id;
 // Check that the string has a '\0' terminator.
 const char* str = data.c_str(skip);
- const auto maxlen = static_cast(data.size() - skip);
- enforce(strnlen(str, maxlen) < maxlen, Exiv2::kerCorruptedMetadata);
+ const size_t maxlen = data.size() - skip;
+ enforce(maxlen > 0 && strnlen(str, maxlen) < maxlen, Exiv2::kerCorruptedMetadata);
 std::string name(str);
 if (name.find("Exif") != std::string::npos) { // "Exif" or "ExifExif"
 exifID_ = ID;
diff --git a/src/pngimage.cpp b/src/pngimage.cpp
index 3db06f30..5dc0f9e3 100644
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@@ -701,14 +701,15 @@ namespace Exiv2 {
 } else if (!strcmp(szChunk, "tEXt") || !strcmp(szChunk, "zTXt") || !strcmp(szChunk, "iTXt") || !strcmp(szChunk, "iCCP")) {
 DataBuf key = PngChunk::keyTXTChunk(chunkBuf, true);
- if (compare("Raw profile type exif", key, 21) ||
+ if (key.empty() == false && (
+ compare("Raw profile type exif", key, 21) ||
 compare("Raw profile type APP1", key, 21) ||
 compare("Raw profile type iptc", key, 21) ||
 compare("Raw profile type xmp", key, 20) ||
 compare("XML:com.adobe.xmp", key, 17) ||
 compare("icc", key, 3) || // see test/data/imagemagick.png
 compare("ICC", key, 3) ||
- compare("Description", key, 11))
+ compare("Description", key, 11)))
 {
 #ifdef EXIV2_DEBUG_MESSAGES
 std::cout << "Exiv2::PngImage::doWriteMetadata: strip " << szChunk
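Review bot: `data.size() - skip` in the new `maxlen` line is an unsigned subtraction, so if `skip` can ever exceed `data.size()` it wraps to a very large value, `maxlen > 0` passes, and `strnlen` is given a bound far beyond the buffer. Whether `data.c_str(skip)` on the line above already rejects an out-of-range offset is not visible in this hunk. I would state the precondition explicitly ahead of `data.c_str(skip)`: `enforce(skip < data.size(), Exiv2::kerCorruptedMetadata);`. With that in place the `maxlen > 0` term is implied, though keeping it is harmless. The enclosing function starts and ends outside the hunk.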
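Review bot: The added `key.empty() == false` guard in src/pngimage.cpp excludes only a zero-length key, while the `compare(...)` calls it protects still pass fixed lengths from 3 to 21, so a one- or two-byte key depends on `compare` clamping the comparison to the key's size, which this hunk does not show. If it clamps, a key shorter than the literal is matched on its prefix alone and the chunk is stripped; if it does not, the read runs past the key. Once confirmed, I would record the behaviour next to the guard, e.g. `// compare() bounds the read to key.size(); shorter keys match on prefix`. As a style point, `!key.empty()` reads better than `key.empty() == false`. The `if`/`else if` chain this condition belongs to starts and ends outside the hunk.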