New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add bounds check to MemIo::seek(). #944
Conversation
Codecov Report
@@ Coverage Diff @@
## master #944 +/- ##
==========================================
+ Coverage 70.95% 71.12% +0.17%
==========================================
Files 147 148 +1
Lines 19288 19323 +35
==========================================
+ Hits 13685 13743 +58
+ Misses 5603 5580 -23
Continue to review full report at Codecov.
|
@kevinbackhouse Thanks for the quick fix, the changes look good to me. Would you mind adding a unit test that detects regressions in this behavior? |
Yes, I'll add a test. |
3a84ec8
to
60881e8
Compare
I added a unit test. I also changed the bug fix so that it sets the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for your contributions!
I left two minor suggestions but I am happy with the PR and we could merge it as it is.
unitTests/test_basicio.cpp
Outdated
@@ -0,0 +1,24 @@ | |||
#include <exiv2/basicio.hpp> | |||
|
|||
#include <cmath> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[minor] These headers seem to not be needed, right?. The only usage from standard functions that I see is memset
which would be available in #include <cstring>
unitTests/test_basicio.cpp
Outdated
// The seek was invalid, so the offset didn't change and this read still works. | ||
ASSERT_EQ(io.read(tmp, sizeof(tmp)), sizeof(tmp)); | ||
|
||
// Reset the file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[suggestion] It seems that every time you are resetting, your aim is to make a slightly different test/check. I would propose to create different tests for each case, and try to give meaningful names to each of them.
If that's not the case or you prefer to not make more changes here let me know.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes look good to me, thanks @kevinbackhouse!
Concerning the unit test: I'd prefer to move these into separate functions and to use a fixture for the MemIo
initialization.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please mention CVE-2019-13504 in the commit log, in case anyone wants to cherry-pick fix.
It would be good to get this into 0.27.2.3 (RC3). To do this, it has be in 0.27-maintenance today (2019-07-14), otherwise it'll have to wait for 0.27.3 (scheduled 2019-09-30). |
- Regression test for missing bounds check in MemIo::seek() - Add bounds check to MemIo::seek(), this fixes CVE-2019-13504 (cherry picked from commit bd0afe0) # Conflicts: # src/basicio.cpp # unitTests/CMakeLists.txt
- Regression test for missing bounds check in MemIo::seek() - Add bounds check to MemIo::seek(), this fixes CVE-2019-13504 (cherry picked from commit bd0afe0)
- Regression test for missing bounds check in MemIo::seek() - Add bounds check to MemIo::seek(), this fixes CVE-2019-13504 (cherry picked from commit bd0afe0)
- Regression test for missing bounds check in MemIo::seek() - Add bounds check to MemIo::seek(), this fixes CVE-2019-13504 (cherry picked from commit bd0afe0)
- Regression test for missing bounds check in MemIo::seek() - Add bounds check to MemIo::seek(), this fixes CVE-2019-13504 (cherry picked from commit bd0afe0) Additional fixes for 0.27: - Add fix for the linux variant of MemIo::seek - Change type of variable from unsigned to signed
Add bounds check to MemIo::seek(). (bp #944)
Quick fix for bug reported in #943.