- Regression test for missing bounds check in MemIo::seek()
- Add bounds check to MemIo::seek(), this fixes CVE-2019-13504
(cherry picked from commit bd0afe0390439b2c424d881c8c6eb0c5624e31d9)
Additional fixes for 0.27:
- Add fix for the linux variant of MemIo::seek
- Change type of variable from unsigned to signed
This build passes the test suite and jens.cpp on MacOS-X. I'll submit and see what the CI has to say. With the changes only relating to unitTests (which I didn't run on FreeBSD), we should not have disturbed Linux/FreeBSD/jens.cpp.
Note that the problem occurs when data_size is less than header_size
what causes a buffer overflow in &data[i]
Co-Authored-By: D4N <dan.cermak@cgc-instruments.com>
We suddenly started to have some linking issues in the 0.27 branch after
the libcurl packages were updated in the conan-center repositories.
After some experimentation I took the following steps to fix up the
situation:
- Update conan to latest version
- Update of libcurl to the latest version available
- Use libcurl static libraries
Note that the change to use static libraries is just to make the
deployment step as easier as possible in the travis builds.
* Fix 582 Add support for FocusPosition in Sony RAW files
* Thanks to @boardhead sonyFpCrypt() works correctly. Removed debug code. Fixed typos.
* Update doc/templates/Makefile to process Sony2Fp
* Following review by @boardhead. Renamed sonyFpCrypt() as sonyTagDecipher().
* Fixed writing the tag thanks to @boardhead explaining encipher/decipher.
Sadly, ArrayCfg/crpyt does not know if he's encrypting/decrypting.
I've added a sniff in TiffEncoder::visitBinaryArrayEnd to avoid changing the API.
* Added URL to discussion concerning sonyTagCipher()
* make sonyTagCipher() a static function with no external visibility.
* Add README-SAMPLES.md and remove exiv2samples.1
* Remove samples man page from CMake
* Add all sample programs to Doxygen.
* Adding links to source code on exiv2.org
Authored-By: Robin Mills <robin@clanmills.com>
Authored-By: Luis Díaz Más <piponazo@gmail.com>
This seems to have been caused by duplicate work between master branch
and 0.27-maintenance branch, as commit 3b48249eeb350301dfb3efa3ba6f7d7b162455be
had already got that right.
Robin Mills
Luis Díaz Más
Kevin Backhouse
D4N
pmatth2
Andreas Sturmlechner