
Fix out of buffer access in #1529 #1534

Merged
merged 1 commit into from
Apr 9, 2021

Conversation

pydera
Collaborator

@pydera pydera commented Apr 8, 2021

No description provided.

@lgtm-com

lgtm-com bot commented Apr 8, 2021

This pull request fixes 1 alert when merging 13e5a3e into 05ec053 - view on LGTM.com

fixed alerts:

  • 1 for FIXME comment

@pydera pydera changed the title Fix out of buffer access in #1529 Fix out of buffer access in #1529 Apr 9, 2021
Collaborator

@clanmills clanmills left a comment


I think we should deal with box.length == 1 separately as we might fix that. I'll have a dig about in my test files to see if we have a suitable file.

The change for box.length < 8 is correct. None of the existing error codes is perfect for this error, so throwing Exiv2::kerCorruptedMetadata seems fine to me. You can get a list of the 62 error codes:

593 rmills@rmillsm1:~/gnu/github/exiv2/0.27-maintenance/src $ grep ker error.cpp | wc
      62     124    2528
594 rmills@rmillsm1:~/gnu/github/exiv2/0.27-maintenance/src $ grep ker error.cpp 
        { Exiv2::kerGeneralError,
        { Exiv2::kerSuccess,
        { Exiv2::kerErrorMessage,
        { Exiv2::kerCallFailed,
        { Exiv2::kerNotAnImage,
        { Exiv2::kerInvalidDataset,
        { Exiv2::kerInvalidRecord,
...
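The box-length check discussed in the review above, as an added example that is not Exiv2's code: a standalone C++ parser for JP2 box headers that rejects an LBox value below 8 (the case this PR fixes), handles LBox == 0 (box runs to end of file) and the XLBox form LBox == 1 (the case deferred to #1537), and refuses any box that would run past the end of the buffer. The header layout is the one defined in ISO/IEC 15444-1 Annex I; std::runtime_error stands in for the Exiv2::kerCorruptedMetadata error the discussion settles on, and the function names, helpers and constructed inputs below are illustrative, not Exiv2 identifiers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// JP2 box header (ISO/IEC 15444-1, Annex I): 4-byte big-endian LBox, 4-byte
// TBox, and an 8-byte XLBox that follows only when LBox == 1.
struct BoxHeader {
    uint64_t length;      // total box size in bytes, header included
    uint32_t type;        // four-character box type as a big-endian integer
    size_t   headerSize;  // 8, or 16 when XLBox is present
};

static uint32_t readBE32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8)  |  uint32_t(p[3]);
}

static uint64_t readBE64(const uint8_t* p) {
    return (uint64_t(readBE32(p)) << 32) | uint64_t(readBE32(p + 4));
}

// Parse the box header at `offset` and validate it against the buffer bounds.
// Illustrative only: std::runtime_error stands in for Exiv2::kerCorruptedMetadata.
BoxHeader parseBoxHeader(const std::vector<uint8_t>& buf, size_t offset) {
    if (offset > buf.size() || buf.size() - offset < 8)
        throw std::runtime_error("truncated box header");
    const size_t avail = buf.size() - offset;

    BoxHeader h{};
    h.headerSize = 8;
    const uint32_t lbox = readBE32(&buf[offset]);
    h.type = readBE32(&buf[offset + 4]);

    if (lbox == 0) {
        h.length = avail;                        // box extends to end of file
    } else if (lbox == 1) {                      // XLBox case, tracked in #1537
        if (avail < 16) throw std::runtime_error("truncated XLBox");
        h.length = readBE64(&buf[offset + 8]);
        h.headerSize = 16;
    } else if (lbox < 8) {                       // the check this PR adds
        throw std::runtime_error("box length smaller than its own header");
    } else {
        h.length = lbox;
    }

    // A box must at least cover its own header and must not run past the
    // buffer; trusting `length` without this is how a copy goes out of bounds.
    if (h.length < h.headerSize || h.length > avail)
        throw std::runtime_error("box runs past end of buffer");
    return h;
}

// Walk the top-level boxes and return how many were parsed. Throws on the
// first malformed header instead of stepping outside the buffer.
size_t countBoxes(const std::vector<uint8_t>& buf) {
    size_t off = 0, n = 0;
    while (off < buf.size()) {
        const BoxHeader h = parseBoxHeader(buf, off);
        off += static_cast<size_t>(h.length);    // safe: length <= avail
        ++n;
    }
    return n;
}

// Constructed input (not a real file): one box with the LBox field written
// verbatim, so deliberately bad values can be produced.
std::vector<uint8_t> makeBox(uint32_t lbox, const char* type,
                             const std::vector<uint8_t>& payload) {
    std::vector<uint8_t> out = {
        uint8_t(lbox >> 24), uint8_t(lbox >> 16), uint8_t(lbox >> 8), uint8_t(lbox),
        uint8_t(type[0]), uint8_t(type[1]), uint8_t(type[2]), uint8_t(type[3])};
    out.insert(out.end(), payload.begin(), payload.end());
    return out;
}

std::vector<uint8_t> concat(std::vector<uint8_t> a, const std::vector<uint8_t>& b) {
    a.insert(a.end(), b.begin(), b.end());
    return a;
}

// Well-formed constructed file: signature box followed by a file-type box.
std::vector<uint8_t> goodFile() {
    return concat(makeBox(12, "jP  ", {0x0D, 0x0A, 0x87, 0x0A}),
                  makeBox(20, "ftyp", {0x6A, 0x70, 0x32, 0x20, 0, 0, 0, 0,
                                       0x6A, 0x70, 0x32, 0x20}));
}

// Malformed: LBox = 4, smaller than the 8-byte header it describes.
std::vector<uint8_t> shortLengthFile() { return makeBox(4, "jp2h", {}); }

// Malformed: LBox claims 64 bytes but only 8 are present.
std::vector<uint8_t> overlongFile() { return makeBox(64, "jp2h", {}); }

bool rejects(const std::vector<uint8_t>& buf) {
    try { countBoxes(buf); return false; }
    catch (const std::runtime_error&) { return true; }
}

int main() {
    std::printf("good file: %zu boxes\n", countBoxes(goodFile()));
    std::printf("LBox=4 rejected: %d\n", rejects(shortLengthFile()));
    std::printf("LBox=64 in 8 bytes rejected: %d\n", rejects(overlongFile()));
    return 0;
}
```

The point of keeping the `length < headerSize` and `length > avail` checks after the LBox switch is that they cover the XLBox branch too: an XLBox value below 16 or beyond the buffer is caught by the same test, so the deferred LBox == 1 case cannot reintroduce the out-of-bounds access once it is handled.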

@pydera
Collaborator Author

pydera commented Apr 9, 2021

I created an issue to deal with this special case to not dilute the CVE: #1537

@clanmills
Collaborator

clanmills commented Apr 9, 2021

Yes. That's very good.

Kevin has powered up on #1530 and submitted a PR for that. I'm going to accept Kevin's.

This is incredible. In 13 years of working on Exiv2, it's the first time that two contributors have submitted PRs for the same issue. I'm amazed that Team Exiv2 is becoming real and solid. Thank You for contributing.

@pydera pydera merged commit 0230620 into 0.27-maintenance Apr 9, 2021
@pydera pydera deleted the fix_1529 branch April 9, 2021 09:55
@clanmills clanmills linked an issue Apr 9, 2021 that may be closed by this pull request
@hassec hassec added this to the v0.27.4 milestone May 21, 2021
Development

Successfully merging this pull request may close these issues.

heap-buffer-overflow write in Exiv2::Jp2Image::doWriteMetadata
3 participants