pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/libexif Added a patch to fix buffer overflow:
details: https://anonhg.NetBSD.org/pkgsrc/rev/a304ac0b7916
branches: trunk
changeset: 490451:a304ac0b7916
user: adam <adam%pkgsrc.org@localhost>
date: Thu Mar 10 19:22:22 2005 +0000
description:
Added a patch to fix buffer overflow:
* SECURITY UPDATE: Fix buffer overflow.
* libexif/exif-data.c: Add buffer size checks in several places before
trying to access it.
* Thanks to Sylvain Defresne for spotting this and the patch.
* References:
https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
Thanks to wiz@ for heads-up. :)
diffstat:
graphics/libexif/distinfo | 3 ++-
graphics/libexif/patches/patch-ab | 32 ++++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 1 deletions(-)
diffs (48 lines):
diff -r 72ebfe4838f8 -r a304ac0b7916 graphics/libexif/distinfo
--- a/graphics/libexif/distinfo Thu Mar 10 19:19:46 2005 +0000
+++ b/graphics/libexif/distinfo Thu Mar 10 19:22:22 2005 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.11 2005/02/24 08:45:09 agc Exp $
+$NetBSD: distinfo,v 1.12 2005/03/10 19:22:22 adam Exp $
SHA1 (libexif-0.6.11.tar.gz) = f522e097edfccac420c7779209aafeebbf09aa7c
RMD160 (libexif-0.6.11.tar.gz) = 306637ba3ce8b8a0c095ef5da5792d178bda37fb
Size (libexif-0.6.11.tar.gz) = 546277 bytes
SHA1 (patch-aa) = bcbdc84fc26c64ecac62699ab11bf55afe6b65c7
+SHA1 (patch-ab) = d778a593bc70a4c3a1413a4bfa508e98fdf2f71a
diff -r 72ebfe4838f8 -r a304ac0b7916 graphics/libexif/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/libexif/patches/patch-ab Thu Mar 10 19:22:22 2005 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1 2005/03/10 19:22:22 adam Exp $
+
+--- libexif/exif-data.c.orig Tue Oct 5 21:10:04 2004
++++ libexif/exif-data.c
+@@ -628,7 +628,7 @@ exif_data_load_data (ExifData *data, con
+ "Found EXIF header.");
+
+ /* Byte order (offset 6, length 2) */
+- if (ds < 12)
++ if (ds < 14)
+ return;
+ if (!memcmp (d + 6, "II", 2))
+ data->priv->order = EXIF_BYTE_ORDER_INTEL;
+@@ -646,12 +646,18 @@ exif_data_load_data (ExifData *data, con
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ "IFD 0 at %i.", (int) offset);
+
++ if (ds < 6 + 4 + offset)
++ return;
++
+ /* Parse the actual exif data (offset 14) */
+ exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
+ ds - 6, offset);
+
+ /* IFD 1 offset */
+ n = exif_get_short (d + 6 + offset, data->priv->order);
++ if (ds < 6 + offset + 2 + 12 * n + 4)
++ return;
++
+ offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
+ if (offset) {
+ exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
Home |
Main Index |
Thread Index |
Old Index