Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix assertion failure in crwimage_int.cpp #1739

Merged
merged 4 commits into from
Jul 15, 2021
Merged

Fix assertion failure in crwimage_int.cpp #1739

merged 4 commits into from
Jul 15, 2021

Conversation

kevinbackhouse
Copy link
Collaborator

Fixes GHSA-mv9g-fxh2-m49m.

A malicious file can cause an assertion failure in packIfdId. It happens during printing, so I thought it would be best to ignore the error and keep going, rather than throw an exception. Let me know if you think it would be better to throw an exception instead. I also added a debug message, which is printed to stderr when EXIV2_DEBUG_MESSAGES is enabled.

@kevinbackhouse kevinbackhouse added the forward-to-main Forward changes in a 0.28.x PR to main with Mergify label Jun 24, 2021
@hassec
Copy link
Member

hassec commented Jun 26, 2021
edited
Loading

I'm not 100% sure what the best solution is, tbh.
To me, it would make sense to inform the user of the fact that something is wrong with the file by either throwing an error or printing a warning.

WDYT @kevinbackhouse ?

@kevinbackhouse kevinbackhouse added this to the v0.27.5 milestone Jul 5, 2021
@kevinbackhouse
Copy link
Collaborator Author

@hassec: I think I found a better solution. I recently discovered that we have a macro called EXV_ERROR that's good for this. You can silence it by putting -q on the command line.

@hassec
Copy link
Member

hassec commented Jul 12, 2021

Thanks for pointing that out, didn't know about that part yet, but it sounds like a great solution. 👍

hassec
hassec approved these changes Jul 14, 2021
View reviewed changes
Copy link
Member

@hassec hassec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this! 👍

@kevinbackhouse kevinbackhouse merged commit 17f0d75 into Exiv2:0.27-maintenance Jul 15, 2021
@mergify mergify bot mentioned this pull request Jul 15, 2021
Merged
@kevinbackhouse kevinbackhouse deleted the Fix-GHSA-mv9g-fxh2-m49m branch July 26, 2021 11:57
@clanmills clanmills mentioned this pull request Aug 9, 2021
Open
@nehaljwani nehaljwani mentioned this pull request May 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hassec hassec hassec approved these changes

Assignees

@hassec hassec

Labels
bug forward-to-main Forward changes in a 0.28.x PR to main with Mergify
Projects
None yet
Milestone
v0.27.5
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kevinbackhouse @hassec