diff options
Diffstat (limited to 'meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch')
-rw-r--r-- | meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch deleted file mode 100644 index eedf9d79aa..0000000000 --- a/meta-oe/recipes-support/exiv2/exiv2/CVE-2021-29470.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6628a69c036df2aa036290e6cd71767c159c79ed Mon Sep 17 00:00:00 2001 -From: Kevin Backhouse <kevinbackhouse@github.com> -Date: Wed, 21 Apr 2021 12:06:04 +0100 -Subject: [PATCH] Add more bounds checks in Jp2Image::encodeJp2Header ---- - src/jp2image.cpp | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/jp2image.cpp b/src/jp2image.cpp -index b424225..349a9f0 100644 ---- a/src/jp2image.cpp -+++ b/src/jp2image.cpp -@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m) - DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space - long outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output? - long inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf? -+ enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata); - Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_; - uint32_t length = getLong((byte*)&pBox->length, bigEndian); -+ enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata); - uint32_t count = sizeof (Jp2BoxHeader); - char* p = (char*) boxBuf.pData_; - bool bWroteColor = false ; - - while ( count < length || !bWroteColor ) { -+ enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata); - Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ; - - // copy data. pointer could be into a memory mapped file which we will decode! --- -2.25.1 - |