File CVE-2017-11683.patch of Package exiv2.7392

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2017-11683.patch of Package exiv2.7392

From 7b8418382a824706304b40c9356fb9c0e31a0559 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
Date: Fri, 6 Oct 2017 00:37:43 +0200
Subject: [PATCH 4/9] =?UTF-8?q?Use=20nullptr=20check=20instead=20of=20asse?=
 =?UTF-8?q?rtion,=20by=20Rapha=C3=ABl=20Hertzog?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Source:
https://github.com/Exiv2/exiv2/issues/57#issuecomment-333086302

tc can be a null pointer when the TIFF tag is unknown (the factory
then returns an auto_ptr(0)) => as this can happen for corrupted
files, an explicit check should be used because an assertion can be
turned of in release mode (with NDEBUG defined)

This also fixes #57

(cherry picked from commit 1f1715c086d8dcdf5165b19164af9aee7aa12e98)
---
 src/tiffvisitor.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/tiffvisitor.cpp b/src/tiffvisitor.cpp
index e9e7a33c..a15350ef 100644
--- a/src/tiffvisitor.cpp
+++ b/src/tiffvisitor.cpp
@@ -1291,11 +1291,12 @@ namespace Exiv2 {
             }
             uint16_t tag = getUShort(p, byteOrder());
             TiffComponent::AutoPtr tc = TiffCreator::create(tag, object->group());
-            // The assertion typically fails if a component is not configured in
-            // the TIFF structure table
-            assert(tc.get());
-            tc->setStart(p);
-            object->addChild(tc);
+            if (tc.get()) {
+                tc->setStart(p);
+                object->addChild(tc);
+            } else {
+               EXV_WARNING << "Unable to handle tag " << tag << ".\n";
+            }
             p += 12;
         }
 
-- 
2.14.1

Places

File CVE-2017-11683.patch of Package exiv2.7392

Places