Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a failsafe on the maximum number of Canon MakerNote subtags.
A malicious file could be crafted to cause extremely large values in some tags without tripping any buffer range checks. This is bad with the libexif representation of Canon MakerNotes because some arrays are turned into individual tags that the application must loop around. The largest value I've seen for failsafe_size in a (very small) sample of valid Canon files is <5000. The limit is set two orders of magnitude larger to avoid tripping up falsely in case some models use much larger values. Patch from Google. CVE-2020-13114
- Loading branch information