xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,433 Commits
2 Branches
0 Tags
119 MiB
v0.27.3
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c754ca6d14'
${ noResults }
Commit Graph

5433 Commits (c754ca6d1439d022bd4254cf007cea5caeb29b51)
 

Author SHA1 Message Date
Andreas Sturmlechner 3f39c23f2c
Fix remaining occurrence of EXIV2_ENABLE_BUILD_PO 8 years ago
D4N 549cac47af Merge pull request #110 from D4N/fix_CVE-2017-14864 
Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859
 8 years ago
Dan Čermák de298b8e5d Added reproducers for #73, #74 and #75 to the test suite 8 years ago
Dan Čermák c686843e20 Added exception throw on Value pointer being null 
v can be null if the typeId is invalid => throw an exception notifying
the user that his file is corrupted instead of the assertion
 8 years ago
Dan Čermák 75940da0a6 Added check for overflows in calculation of size 8 years ago
Dan Čermák 8a586c74bb Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859 
The invalid memory dereference in
Exiv2::getULong()/Exiv2::StringValueBase::read()/Exiv2::DataValue::read()
is caused further up the call-stack, by
v->read(pData, size, byteOrder) in TiffReader::readTiffEntry()
passing an invalid pData pointer (pData points outside of the Tiff
file). pData can be set out of bounds in the (size > 4) branch where
baseOffset() and offset are added to pData_ without checking whether
the result is still in the file. As offset comes from an untrusted
source, an attacker can craft an arbitrarily large offset into the
file.

This commit adds a check into the problematic branch, whether the
result of the addition would be out of bounds of the Tiff
file. Furthermore the whole operation is checked for possible
overflows.
 8 years ago
Dan Čermák 6c1ba331b9 Added arithmetic operation overflow error 8 years ago
Luis Díaz Más f06418c656 Merge pull request #108 from D4N/fix_CVE-2017-14860 
Fix CVE-2017-14860
 8 years ago
Dan Čermák c884a3b4bf Added the reproducer for CVE-2017-14860 to the test suite 8 years ago
Dan Čermák ff18fec24b Fix for CVE-2017-14860 
A heap buffer overflow could occur in memcpy when icc.size_ is larger
than data.size_ - pad, as then memcpy would read out of bounds of data.

This commit adds a sanity check to iccLength (= icc.size_): if it is
larger than data.size_ - pad (i.e. an overflow would be caused) an
exception is thrown.

This fixes #71.
 8 years ago
Dan Čermák 65f45a3505 Added new error message to warn about corrupted metadata 8 years ago
Luis Díaz Más 27cabb2a1a Merge pull request #115 from piponazo/appVeyorChanges 
App veyor changes
 8 years ago
Luis Díaz Más 39e3d7fbe4 Merge branch 'master' into appVeyorChanges 8 years ago
Luis Díaz Más 7f0d753d10 Use separate conanData directory for the conan cache in travis 8 years ago
Luis Díaz Más 62a0f8cde8 Unify appveyor style 8 years ago
Luis Diaz Mas bdce47b6e7 Use VS2015 instead of 2017, Use newer conan version and enable cache in appveyor 8 years ago
D4N 0a56b0ab81 Merge pull request #113 from greenbigfrog/patch-1 
Fix URL to wiki in README.md
 8 years ago
Jonathan 2ff0bb9a6a Fix URL to wiki in README.md 8 years ago
Luis Díaz Más 0670b35f56 Merge pull request #111 from piponazo/travisCache 
Travis cache
 8 years ago
Luis Diaz Mas f454c375a0 Disable bash -ex to not fail with commands returning non-0 values 8 years ago
Luis Díaz Más 1067978216 Adding caching support in travis-ci builds 8 years ago
Luis Díaz Más 4beb08e219 Merge pull request #105 from Kicer86/bigtiff 
Work in progress - improvements for bigtiff
 8 years ago
Michał Walenciak 2e535d8a27 trying to fix windows build 8 years ago
Luis Díaz Más 8e4aff29c2 Merge pull request #107 from D4N/tiffvisitor_nullptr_check 
Use nullptr check instead of assertion, by Raphaël Hertzog
 8 years ago
Michał Walenciak 2402a693fd adding missing include for numeric_limits 8 years ago
Luis Díaz Más 93bbf0cab1 Merge pull request #104 from piponazo/removeCpp11Feature 
Remove cpp11 features
 8 years ago
Dan Čermák e026160556 Use nullptr check instead of assertion, by Raphaël Hertzog 
Source:
https://github.com/Exiv2/exiv2/issues/57#issuecomment-333086302

tc can be a null pointer when the TIFF tag is unknown (the factory
then returns an auto_ptr(0)) => as this can happen for corrupted
files, an explicit check should be used because an assertion can be
turned of in release mode (with NDEBUG defined)

This also fixes #57
 8 years ago
Luis Díaz Más bef6dad6c5 Merge pull request #103 from AdelieLinux/master 
Amend fix for #9 to apply to other Unix systems
 8 years ago
Michał Walenciak b1a5d615c5 removing debug message 8 years ago
Michał Walenciak 64e05c0a7a improving fixes for #55 and #56 8 years ago
Luis Díaz Más 1a1a61b63d Remove reference to regex & c++11 from the man page 8 years ago
Luis Díaz Más 5b8894908b Remove all references to EXV_HAVE_REGEX and related code 8 years ago
Luis Díaz Más bfd61bd0f1 Merge pull request #96 from Kicer86/master 
Adding comment for issue #56
 8 years ago
A. Wilcox d775683f57
Amend fix for #9 to apply to other Unix systems 
At least the musl libc on Linux has the same issue as Mac OS X: the
PTHREAD_RECURSIVE_* static initialiser does not exist.  This is a
documented and purposeful omission:

http://www.openwall.com/lists/musl/2017/02/20/3

This commit uses similar logic to the Apple test on other Unixes.
 8 years ago
Luis Díaz Más 6db39b08a5 Merge pull request #102 from piponazo/removeObjectLibrary 
Remove EXIV2_ENABLE_LIBXMP variable, always build static XMP library,…
 8 years ago
Luis Díaz Más 3dbc7c1969 Fix compilation on Windows 8 years ago
Luis Diaz Mas 2784b1f7f7 Remove EXIV2_ENABLE_LIBXMP variable, always build static XMP library, remove cmake OBJECT library 8 years ago
Robin Mills d9e9f71918 Merge pull request #98 from D4N/testsuite 
Add POC3, POC4, POC5, POC6, POC9, POC11, POC12 & POC13 to the test suite
 8 years ago
Dan Čermák 751905ccde Add POC3, POC4, POC5, POC6, POC9, POC11, POC12 & POC13 to the test suite 
These are files which reproduce the github issues #50, #51, #52, #53,
 #54, #58, #59 and #60
 8 years ago
Michał Walenciak 7e90668011 Adding comment for issue #56 8 years ago
Luis Díaz Más df3c77516c Merge pull request #94 from piponazo/configFileInBuildDirectory 
Generate exv_conf.h file out of the source tree.
 8 years ago
Luis Díaz Más a9e3f17f31 Generate exv_conf.h file out of the source tree. Install it in the include folder. 8 years ago
Luis Díaz Más 4f4add2cdc Merge pull request #89 from piponazo/ExportConfigFile 
Add exiv2Config file that is automatically generated by CMake
 8 years ago
Luis Díaz Más 4a519c8917 Merge pull request #90 from piponazo/removeUselessCMakeVariable 
Remove useless HAVE_XMP_TOOLKIT
 8 years ago
Luis Díaz Más 0448415ff2 Remove useless HAVE_XMP_TOOLKIT 8 years ago
Luis Díaz Más 686edde5ef Provide exiv2Config file automatically generated by CMake 8 years ago
Luis Díaz Más 30e76211b2 Remove hand-made FindExiv2.cmake that was out of date 8 years ago
Luis Díaz Más c9afa0a3ee Merge pull request #87 from piponazo/fixCMakeWindowsBuild 
Fix the default configuration CMake+Windows
 8 years ago
Luis Díaz Más 96bb10f38e Fix the default configuration CMake+Windows 8 years ago
clanmills 327b3f6c4d Fix https://github.com/Exiv2/exiv2/issues/83 8 years ago