XmpProperties::registerNs allocates strings on the heap that must be freed
manually via XmpProperties::unregisterNs().
=> do this in TearDownTestCase()
The xmp byte array is not necessarily null terminated => strstr can read beyond
the bounds of the allocated array then.
Therefore use string_from_unterminated to remedy this issue.
Also replace xmp with a std::vector, as stl functions can throw and we don't
want a memory leak.
signature is extracted from an image and can lack the terminating \0, this
causes the std::string constructor and strcmp to read beyond the bounds of the
allocated array.
=> Use string_from_unterminated to construct a std::string safely and use it
in the subsequent code & use stl functions instead of C functions
I introduced that file accidentally in the project while trying to move
the implementation details to xxx_int.cpp files. In this case, I found
out some issues and I just decided to leave the implementation in the
file tags.cpp.
- add Vagrantfile to contrib/vms
- add custom provisioning via shell scripts
- move gitlab-ci before_script: to ci/install_dependencies.sh which is also used
by vagrant
- change COPR setup on CentOS 7 (yum-plugin-copr does not seem to work)
This commit fixes the heap-buffer-overflow in PngChunk::parseTXTChunk.
According to the specification:
http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html
There must be 2 null separators when we start to analyze the language tag.
Thanks to this upgrade the cmake code that handles the CURL dependency
can be simplified. Now we can use the shared version of CURL in all the
platforms. However we will use for the moment the static version on Mac,
since we are having some issues with 'make tests'. Once those tests are
migrated to python we can also use the shared version there.
In Params::evalGrep regcomp allocates some internal space for the regex objects,
which must be freed manually via regfree(). This was however only done when the
call to regcomp() failed and not on success. As the regexes are needed later,
they have to be deallocated by the destructor.
The compiler instrinsics are exposed via fully specialized template functions
which must not be defined twice (which they accidentally were). Declaring them
as inline fixes this issue.
Luis Diaz Mas
D4N
Dan Čermák
Daniel Zucchetto
Daniel Zucchetto