File CVE-2021-32815.patch of Package exiv2.30966

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2021-32815.patch of Package exiv2.30966

From 0c17eb33c0a7fad1796ce23b8bbc32067f511aed Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 23 Jun 2021 22:39:31 +0100
Subject: [PATCH] Don't crash if s > size.

---
 src/crwimage_int.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index 7b958c26..2db56b18 100644
--- a/src/crwimage.cpp
+++ b/src/crwimage.cpp
@@ -1246,9 +1246,10 @@ namespace Exiv2 {
         for (ExifData::const_iterator i = b; i != e; ++i) {
             if (i->ifdId() != ifdId) continue;
             const uint16_t s = i->tag()*2 + static_cast<uint16_t>(i->size());
-            assert(s <= size);
-            if (len < s) len = s;
-            i->copy(buf.pData_ + i->tag()*2, byteOrder);
+            if (s <= size) {
+                if (len < s) len = s;
+                i->copy(buf.pData_ + i->tag()*2, byteOrder);
+            }
         }
         // Round the size to make it even.
         buf.size_ = len + len%2;
-- 
2.38.0

Places

File CVE-2021-32815.patch of Package exiv2.30966

Places