Attachment 102561 Details for Bug 155949 – post-3.5.5-kdegraphics.diff

[patch] post-3.5.5-kdegraphics.diff

post-3.5.5-kdegraphics.diff (text/plain), 5.20 KB, created by Sune Kloppenborg Jeppesen (RETIRED) on 2006-11-22 11:47:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sune Kloppenborg Jeppesen (RETIRED)

Created: 2006-11-22 11:47:31 UTC

Size: 5.20 KB

patch

obsolete

>--- kfile-plugins/jpeg/exif.h
>+++ kfile-plugins/jpeg/exif.h
>@@ -72,7 +72,8 @@
>     int Get32s(void * Long);
>     unsigned Get32u(void * Long);
>     double ConvertAnyFormat(void * ValuePtr, int Format);
>-    void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength);
>+    void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength,
>+            unsigned NestingLevel);
>     void process_COM (const uchar * Data, int length);
>     void process_SOFn (const uchar * Data, int marker);
>     int Get16m(const void * Short);
>--- kfile-plugins/jpeg/exif.cpp
>+++ kfile-plugins/jpeg/exif.cpp
>@@ -446,7 +446,7 @@
> //--------------------------------------------------------------------------
> // Process one of the nested EXIF directories.
> //--------------------------------------------------------------------------
>-void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength)
>+void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned ExifLength, unsigned NestingLevel)
> {
>     int de;
>     int a;
>@@ -454,6 +454,9 @@
>     unsigned ThumbnailOffset = 0;
>     unsigned ThumbnailSize = 0;
> 
>+    if ( NestingLevel > 4)
>+        throw FatalError("Maximum directory nesting exceeded (corrupt exif header)");
>+
>     NumDirEntries = Get16u(DirStart);
>     #define DIR_ENTRY_ADDR(Start, Entry) (Start+2+12*(Entry))
> 
>@@ -476,7 +479,7 @@
>     for (de=0;de<NumDirEntries;de++){
>         int Tag, Format, Components;
>         unsigned char * ValuePtr;
>-        int ByteCount;
>+        unsigned ByteCount;
>         char * DirEntry;
>         DirEntry = (char *)DIR_ENTRY_ADDR(DirStart, de);
> 
>@@ -489,6 +492,11 @@
>             throw FatalError("Illegal format code in EXIF dir");
>         }
> 
>+        if ((unsigned)Components > 0x10000) {
>+            throw FatalError("Illegal number of components for tag");
>+            continue;
>+        }
>+
>         ByteCount = Components * BytesPerFormat[Format];
> 
>         if (ByteCount > 4){
>@@ -517,11 +525,11 @@
>         switch(Tag){
> 
>             case TAG_MAKE:
>-                ExifData::CameraMake = QString((char*)ValuePtr);
>+                ExifData::CameraMake = QString::fromLatin1((const char*)ValuePtr, 31);
>                 break;
> 
>             case TAG_MODEL:
>-                ExifData::CameraModel = QString((char*)ValuePtr);
>+                ExifData::CameraModel = QString::fromLatin1((const char*)ValuePtr, 39);
> 		break;
> 
>             case TAG_ORIENTATION:
>@@ -529,7 +537,7 @@
>                 break;
> 
>             case TAG_DATETIME_ORIGINAL:
>-		DateTime = QString((char*)ValuePtr);
>+		DateTime = QString::fromLatin1((const char*)ValuePtr, 19);
>                 break;
> 
>             case TAG_USERCOMMENT:
>@@ -550,14 +558,12 @@
>                         int c;
>                         c = (ValuePtr)[a];
>                         if (c != '\0' && c != ' '){
>-                            //strncpy(ImageInfo.Comments, (const char*)(a+ValuePtr), 199);
>-                            UserComment.sprintf("%s", (const char*)(a+ValuePtr));
>+                            UserComment = QString::fromLatin1((const char*)(a+ValuePtr), 199);
>                             break;
>                         }
>                     }
>                 }else{
>-                    //strncpy(ImageInfo.Comments, (const char*)ValuePtr, 199);
>-                    UserComment.sprintf("%s", (const char*)ValuePtr);
>+                    UserComment = QString::fromLatin1((const char*)ValuePtr, 199);
>                 }
>                 break;
> 
>@@ -676,10 +682,10 @@
>         if (Tag == TAG_EXIF_OFFSET || Tag == TAG_INTEROP_OFFSET){
>             unsigned char * SubdirStart;
>             SubdirStart = OffsetBase + Get32u(ValuePtr);
>-            if (SubdirStart < OffsetBase || SubdirStart > OffsetBase+ExifLength){
>+            if (SubdirStart <= OffsetBase || SubdirStart >= OffsetBase+ExifLength){
>                 throw FatalError("Illegal subdirectory link");
>             }
>-            ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
>+            ProcessExifDir(SubdirStart, OffsetBase, ExifLength, NestingLevel+1);
>             continue;
>         }
>     }
>@@ -709,7 +715,7 @@
>                     }
>                 }else{
>                     if (SubdirStart <= OffsetBase+ExifLength){
>-                        ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
>+                        ProcessExifDir(SubdirStart, OffsetBase, ExifLength, NestingLevel+1);
>                     }
>                 }
>             }
>@@ -719,7 +725,7 @@
>     }
> 
>     if (ThumbnailSize && ThumbnailOffset){
>-        if (ThumbnailSize + ThumbnailOffset <= ExifLength){
>+        if (ThumbnailSize + ThumbnailOffset < ExifLength){
>             // The thumbnail pointer appears to be valid.  Store it.
> 	    Thumbnail.loadFromData(OffsetBase + ThumbnailOffset, ThumbnailSize, "JPEG");
>         }
>@@ -810,7 +816,7 @@
>     LastExifRefd = CharBuf;
> 
>     // First directory starts 16 bytes in.  Offsets start at 8 bytes in.
>-    ProcessExifDir(CharBuf+16, CharBuf+8, length-6);
>+    ProcessExifDir(CharBuf+16, CharBuf+8, length-6, 0);
> 
>     // This is how far the interesting (non thumbnail) part of the exif went.
>     ExifSettingsLength = LastExifRefd - CharBuf;

Actions: View | Diff

Attachments on bug 155949: 102561 | 102565 | 102566