Blame exiv2-0.24-CVE-2014-9449.patch
|
Rex Dieter |
b349f4d |
diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
|
|
Rex Dieter |
b349f4d |
--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600
|
|
Rex Dieter |
b349f4d |
+++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600
|
|
Rex Dieter |
b349f4d |
@@ -856,7 +856,7 @@ namespace Exiv2 {
|
|
Rex Dieter |
b349f4d |
|
|
Rex Dieter |
b349f4d |
void RiffVideo::infoTagsHandler()
|
|
Rex Dieter |
b349f4d |
{
|
|
Rex Dieter |
b349f4d |
- const long bufMinSize = 100;
|
|
Rex Dieter |
b349f4d |
+ const long bufMinSize = 10000;
|
|
Rex Dieter |
b349f4d |
DataBuf buf(bufMinSize);
|
|
Rex Dieter |
b349f4d |
buf.pData_[4] = '\0';
|
|
Rex Dieter |
b349f4d |
io_->seek(-12, BasicIo::cur);
|
|
Rex Dieter |
b349f4d |
@@ -879,10 +879,14 @@ namespace Exiv2 {
|
|
Rex Dieter |
b349f4d |
if(infoSize >= 0) {
|
|
Rex Dieter |
b349f4d |
size -= infoSize;
|
|
Rex Dieter |
b349f4d |
io_->read(buf.pData_, infoSize);
|
|
Rex Dieter |
b349f4d |
+ if(infoSize < 4)
|
|
Rex Dieter |
b349f4d |
+ buf.pData_[infoSize] = '\0';
|
|
Rex Dieter |
b349f4d |
}
|
|
Rex Dieter |
b349f4d |
|
|
Rex Dieter |
b349f4d |
if(tv)
|
|
Rex Dieter |
b349f4d |
xmpData_[exvGettext(tv->label_)] = buf.pData_;
|
|
Rex Dieter |
b349f4d |
+ else
|
|
Rex Dieter |
b349f4d |
+ continue;
|
|
Rex Dieter |
b349f4d |
}
|
|
Rex Dieter |
b349f4d |
io_->seek(cur_pos + size_external, BasicIo::beg);
|
|
Rex Dieter |
b349f4d |
} // RiffVideo::infoTagsHandler
|