xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,374 Commits
2 Branches
0 Tags
119 MiB
v0.27.3
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd219e61586'
${ noResults }
Commit Graph

37 Commits (d219e61586d49fae4f7e1788e6e60541bfaa68f2)

Author SHA1 Message Date
Michał Walenciak d219e61586 be more error prone 8 years ago
Michał Walenciak 24348e85ca checks for valid reads 8 years ago
Michał Walenciak 421c6d6723 improvements for issue #208 8 years ago
Michał Walenciak 1647908e00 fix for crash in bigtiff (issue #208) 8 years ago
Luis Díaz Más 1fe8d5ba7f Fix conversion issue detected by MSVC 8 years ago
Michał Walenciak 2402a693fd adding missing include for numeric_limits 8 years ago
Michał Walenciak b1a5d615c5 removing debug message 8 years ago
Michał Walenciak 64e05c0a7a improving fixes for #55 and #56 8 years ago
Dan Čermák 74cb5bab13 Fixed wrong brackets: size*count + pad can overflow before the cast 
=> Should fix #76 (most of the work has been done by Robin Mills in
   6e3855aed7)

The problem with #76 is the contents of the 26th IFD, with the
following contents:
tag: 0x8649
type: 0x1
count: 0xffff ffff
offset: 0x4974

The issue is the size of count (uint32_t), as adding anything to it
causes an overflow. Especially the expression:
(size*count + pad+20)
results in an overflow and gives 20 as a result instead of
0x100000014, thus the condition in the if in the next line is false
and the program continues to run (until it crashes at io.read).

To properly account for the overflow, the brackets have to be removed,
as then the result is saved in the correctly sized type and not cast
after being calculated in the smaller type.

The brackets have also been removed from bigtiffimage.cpp, where the
same issue is present.
 8 years ago
Robin Mills d8ae4484ae msvc support for bigtiffimage.cpp 8 years ago
clanmills 6e3855aed7 Fix https://github.com/Exiv2/exiv2/issues/55 8 years ago
Michał Walenciak 4837d8cf58 changing header + some warning fix 8 years ago
Michał Walenciak 734a2c3d57 fixing TODO 8 years ago
Michał Walenciak e3ff1ba694 fixing indent 8 years ago
Michał Walenciak 4629227358 fix for IPTCNAA 
dir_offset was used instead of offset
 8 years ago
Michał Walenciak 4f6f5b4946 removing conditional_byte_swap* functions 8 years ago
Michał Walenciak f96d84ba8c dropping dead code 8 years ago
Michał Walenciak 50ecf672b5 using Internal::indent() 8 years ago
Michał Walenciak f8ac7a5dc3 renaming Tiff to StandardTiff 8 years ago
Michał Walenciak d460bbdb3f fix for standard tiff case 8 years ago
Michał Walenciak 81aa8828e0 applying dff941ad7f 8 years ago
Michał Walenciak 874daede53 fixing broken print for 'offset' column 8 years ago
Michał Walenciak 8b07982bf2 variable names cleanup 8 years ago
Michał Walenciak 1a1dc3afd4 simplifying code 8 years ago
Michał Walenciak c6cbf69c49 first attempt to read both - standard and big tiff 8 years ago
Michał Walenciak 972e302cba some cleanups 8 years ago
Michał Walenciak 3c9817339a Dropping BasicIo& io parameter. 
We already have acces to it via Image class
 8 years ago
Michał Walenciak 65722a0020 dropping bSwap parameter 
Member is better.
 8 years ago
Michał Walenciak 7e291ef226 Encapsulating Header's members 8 years ago
Michał Walenciak cb3857c675 removing useles code 8 years ago
Michał Walenciak ff21b5a962 restore position if necessary 8 years ago
Michał Walenciak cc8c470620 fix header read + tag name dump 8 years ago
Michał Walenciak 5fa328737a moving implementation from stand alone parser 8 years ago
Michał Walenciak 307faae830 introducing tiff Header + header builder function 8 years ago
Michał Walenciak dc331ee44a implementing isBigTiffType 8 years ago
Michał Walenciak b3aa2adf31 initial implementation of newBigTiffInstance() 8 years ago
Michał Walenciak bc6eed0b03 registering new file type 8 years ago