- Regression test for missing bounds check in MemIo::seek()
- Add bounds check to MemIo::seek(), this fixes CVE-2019-13504
(cherry picked from commit bd0afe0390439b2c424d881c8c6eb0c5624e31d9)
Additional fixes for 0.27:
- Add fix for the linux variant of MemIo::seek
- Change type of variable from unsigned to signed
This build passes the test suite and jens.cpp on MacOS-X. I'll submit and see what the CI has to say. With the changes only relating to unitTests (which I didn't run on FreeBSD), we should not have disturbed Linux/FreeBSD/jens.cpp.
- reimplement binaryToString:
- it now accepts a Slice and nothing else
- it does not return a std::string but instead a proxy object that implements
operator<< (this should be more efficient, as we do not need to touch the
heap in most cases)
- addapt unit tests
- replace all occurences with the new API
- Integration tests had to be disabled with 2012 and 2013. There were
few (4) tests failing for these cases.
- Only bring libiconv with conan when a windows subsystem is detected.
- libiconv can be enabled now with a conan option.
- Use infinity instead of INFINITY
- Use conan_basic_setup(). Fixes a problem with gtest is VS2012
- call vcvarsall.bat for each compiler version so that nmake can be
found.
XmpProperties::registerNs allocates strings on the heap that must be freed
manually via XmpProperties::unregisterNs().
=> do this in TearDownTestCase()
I feel more confortable doing changes in a code that I do not know by
having some unit tests around it. These characterisation tests will
also be useful as documentation.
- templated structs were not required, SFINAE works for functions too
=> use instead, removes some unneeded code
- fix non-usage of builtins with clang
- adjust unit tests
errno can be set to a non-zero value from a previously failed system
call, it is not reset by successful ones
=> have to do that manually or the unit test fails because it detects
an "outdated" error message
This change define explicitly the behavior that exiv2::getEnv should have
on response to unexpected inputs.
There are some other minor changes:
- Use _putenv_s for the unit tests on Windows
- Add todo comment
- Remove deprecated note about freeing memory
I tried to use directly the private OBJECT library (exiv2lib_int) in the unit_tests targets, but the private objects have dependencies on the public symbols (circular dependency)
and therefore it is impossible to test the private code with that approach with the current design of the library.
Starting from CMake 3.3 we can use the variable CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS to export all the symbols of a shared library:
https://blog.kitware.com/create-dlls-on-windows-without-declspec-using-new-cmake-export-all-feature/
Even having the opportunity to use this variable (that will be only used when EXIV2_BUILD_UNIT_TESTS is enabled) the previous commits are still valid.
It is interesting to clearly differentiate between the public and private code of the library. Enforcing this, make us think twice before putting code in the public
part of the library.
Robin Mills
Luis Diaz Mas
Kevin Backhouse
Dan Čermák
Dan Čermák