Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stricter date parsing in value.cpp #1720

Merged
merged 3 commits into from
Jun 27, 2021
Merged

Stricter date parsing in value.cpp #1720

merged 3 commits into from
Jun 27, 2021

Conversation

kevinbackhouse
Copy link
Collaborator

Fixes #1713.

The problem in #1713 is caused by a file containing the date "2005-09-07415". It isn't rejected as an invalid date. Later on, it's printed to a string using sprintf, causing an out of bounds write. I have improved the parsing logic to reject the invalid date, and also replaced sprintf with snprintf.

@kevinbackhouse kevinbackhouse linked an issue Jun 17, 2021 that may be closed by this pull request
stack-buffer-overflow in exiv2 #1713
Closed
@kevinbackhouse kevinbackhouse mentioned this pull request Jun 17, 2021
Closed
@kevinbackhouse kevinbackhouse added the forward-to-main Forward changes in a 0.28.x PR to main with Mergify label Jun 17, 2021
@kevinbackhouse kevinbackhouse mentioned this pull request Jun 21, 2021
Merged
hassec
hassec approved these changes Jun 27, 2021
View reviewed changes
Copy link
Member

@hassec hassec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@hassec hassec merged commit ab58026 into Exiv2:0.27-maintenance Jun 27, 2021
@hassec hassec added this to the v0.27.5 milestone Jun 27, 2021
@hassec hassec added bug prettyPrinter Anything related to the output formatting of a value labels Jun 27, 2021
mergify bot pushed a commit that referenced this pull request Jun 27, 2021
@kevinbackhouse
fix: stricter date parsing in value.cpp (#1720)
b08a27f 
* Regression test for issue 1713

* Stricter date parsing.

* Fix test failure caused by stdout mismatch.

(cherry picked from commit ab58026)
@mergify mergify bot mentioned this pull request Jun 27, 2021
Merged
hassec pushed a commit that referenced this pull request Jun 27, 2021
@kevinbackhouse @hassec
fix: stricter date parsing in value.cpp (#1720)
a4c5bda 
* Regression test for issue 1713

* Stricter date parsing.

* Fix test failure caused by stdout mismatch.

(cherry picked from commit ab58026)
@clanmills clanmills mentioned this pull request Aug 9, 2021
Open
@kevinbackhouse kevinbackhouse deleted the FixIssue1713 branch September 18, 2021 12:51
@nehaljwani nehaljwani mentioned this pull request May 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hassec hassec hassec approved these changes

Assignees
No one assigned
Labels
bug forward-to-main Forward changes in a 0.28.x PR to main with Mergify prettyPrinter Anything related to the output formatting of a value
Projects
None yet
Milestone
v0.27.5
Development

Successfully merging this pull request may close these issues.

stack-buffer-overflow in exiv2
2 participants
@kevinbackhouse @hassec