* avoid re-declaration of constant variables
* Replace pthreads critical section with std::mutex
* ci - better naming
* cmake - increase minimum version to 3.11. Use project DESCRIPTION
* fix - do not treat string::find() return type as bool
* remove conditions that were always true
* remove condition that were always false
* Remove EXV_HAVE_GMTIME_R which is not used anymore
* pixelWidth_ was inherited from Exiv2::Image
The width & height variables in the TiffImage class need to be mutable
to be able to change their values on the getters pixelHeight() and
pixelWidth() ... Do not ask me why ...
* Remove superfluous if
* pvs:V766 item with identical key added already
* pvs:V730 not all members were initialized (time)
* pvs:V730 not all members are initialized
* pvs:v668 no point in testing pointer against null after new
* pvs:V1048 variable assigned the same value
* replace c-style dynamic vector with std one
* pvs:547 fakeData is always true
* Remove useless constructor in derived class
* pvs:V690 modern way to disable copy-ctor
* Replace malloc/free with new/delete. No need to check for null
* pvs:V1028 cast operands and not result
* Remove custom MIN/MAX functions
* pvs:V595 pointer used before verified against null
* pvs: index used before being checked
* pvs:V1028 possible overflow. Cast operands
* pvs:v575 potential null pointer passed to other functions
* pvs:V547 deal with always true/false expressions
* pvs:V560 part of conditional expressions always false or true
* pvs:V701 possible break in realloc -> move to std::vector
* Make some classes 'final'
* Replace sprintf with std::to_string()
* fix compilation on windows
Note that the problem occurs when data_size is less than header_size
what causes a buffer overflow in &data[i]
Co-Authored-By: D4N <dan.cermak@cgc-instruments.com>
- reimplement binaryToString:
- it now accepts a Slice and nothing else
- it does not return a std::string but instead a proxy object that implements
operator<< (this should be more efficient, as we do not need to touch the
heap in most cases)
- addapt unit tests
- replace all occurences with the new API
in the following call:
getHeaderOffset (payload.pData_, payload.size_, (byte*)&exifLongHeader, 6);
getHeaderOffset would read 6 bytes from exifLongHeader, reading beyond the
bounds of the array => add 2 padding bytes to prevent overreads
The size parameter is only checked for upper bounds, but not for lower.
If it is too small, then created dataBuf will be too small and overflow in one
of the subsequent memcpy() calls.
This fixes#378 / CVE-2018-14046
CVE-2017-1000126 is a Stack out of bounds read in the WebP parser caused by the
parameter size & filesize being too large, causing the parser to land in an
infinite loop and eventually crash. Enforcing that the size over which the
parser iterates is smaller than the file fixes this issue.
This fixes#175.
The webp header contains the filesize of the image starting at the 8th byte in
bytes 4 to 8 encoded as a little endian 32 bit unsigned integer. The code was
erroneously assuming that the extracted filesize is starting at the 12th byte,
i.e. at the end of the WebP file header.
Source: https://developers.google.com/speed/webp/docs/riff_container
Kevin Backhouse
Luis Díaz Más
Rosen Penev
Robin Mills
Kevin Backhouse
skal
Dan Čermák
tbeu
draekko