From ead7f309b0208f5a6ae66fd16cf1b15ac0d598a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
Date: Sat, 6 Jan 2018 15:45:58 +0100
Subject: [PATCH] Added reproducer for CVE-2017-1000127

---
 test/data/heap-oob-write.tiff                  | Bin 0 -> 310 bytes
 tests/bugfixes/github/test_CVE_2017_1000127.py |  16 ++++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 test/data/heap-oob-write.tiff
 create mode 100644 tests/bugfixes/github/test_CVE_2017_1000127.py

diff --git a/test/data/heap-oob-write.tiff b/test/data/heap-oob-write.tiff
new file mode 100644
index 0000000000000000000000000000000000000000..5146aa21971e50bda58bdd3d5cc43be1c29bcec8
GIT binary patch
literal 310
zcmebEWzb?^VBlboW@KPs2C^6#P5=o;D7y*BW&*QWfUF=!W~ew&F(Vt4%>-ogF@VU)
zKpe%$4`MS2F)%Q_V-x_hxj;rU3NirA0GiLB@rY3f$sAEA8)SnRlnt_19IBpinggR0
z11m%?GZ&*YoGrvCgJg~dlnru;A=qA7puJLzMqsuGkZr+e4Q49=**=UxNP2_8Y@iF6
f^O*L4+$d}cWS2GX2D{-U1B2L__F|a()n)(yVo4Ek

literal 0
HcmV?d00001

diff --git a/tests/bugfixes/github/test_CVE_2017_1000127.py b/tests/bugfixes/github/test_CVE_2017_1000127.py
new file mode 100644
index 00000000..0fd12b8c
--- /dev/null
+++ b/tests/bugfixes/github/test_CVE_2017_1000127.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+
+import system_tests
+
+
+class TestPoC(system_tests.Case):
+
+    url = "https://github.com/Exiv2/exiv2/issues/176"
+
+    filename = "{data_path}/heap-oob-write.tiff"
+    commands = ["{exiv2} " + filename]
+    stdout = [""]
+    stderr = ["""{exiv2_exception_msg} """ + filename + """:
+{error_57_message}
+"""]
+    retval = [1]