Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 53007 Details for
Bug 84076
media-libs/libexif buffer overflow (CAN-2005-0664)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for the 0.5 branch from Fedora
libexif-0.5.12-buffer-overflow.patch (text/plain), 860 bytes, created by
René Rhéaume (a.k.a. repzilon, rener)
on 2005-03-09 06:11:05 UTC
(
hide
)
Description:
Patch for the 0.5 branch from Fedora
Filename:
MIME Type:
Creator:
René Rhéaume (a.k.a. repzilon, rener)
Created:
2005-03-09 06:11:05 UTC
Size:
860 bytes
patch
obsolete
>--- libexif-0.5.12/libexif/exif-data.c.buffer-overflow 2005-03-08 05:24:31.000000000 -0500 >+++ libexif-0.5.12/libexif/exif-data.c 2005-03-08 05:26:30.000000000 -0500 >@@ -551,7 +551,7 @@ > #endif > > /* Byte order (offset 6, length 2) */ >- if (size < 12) >+ if (size < 14) > return; > if (!memcmp (d + 6, "II", 2)) > data->priv->order = EXIF_BYTE_ORDER_INTEL; >@@ -570,12 +570,18 @@ > printf ("IFD 0 at %i.\n", (int) offset); > #endif > >+ if (size < 6 + 4 + offset) >+ return; >+ > /* Parse the actual exif data (offset 14) */ > exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6, > size - 6, offset); > > /* IFD 1 offset */ > n = exif_get_short (d + 6 + offset, data->priv->order); >+ if (size < 6 + offset + 2 + 12 * n + 4) >+ return; >+ > offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order); > if (offset) { > #ifdef DEBUG
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 84076
: 53007