Skip to content
Permalink
Browse files Browse the repository at this point in the history
ExifParse: Don't run outside exif information
When parsing exif information the number of entries could be tainted. Make
sure to not run behind the exif data by properly checking out of bounds.

Upstream? fix: https://android.googlesource.com/platform/external/jhead/+/34a2564d3268a5ca1472c5076675782fbaf724d6
  • Loading branch information
fritsch committed Jan 3, 2023
1 parent 939c521 commit 367cc80
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions xbmc/pictures/ExifParse.cpp
Expand Up @@ -878,6 +878,12 @@ void CExifParse::ProcessGpsInfo(
{
const unsigned char* DirEntry = DIR_ENTRY_ADDR(DirStart, de);

// Fix from aosp 34a2564d3268a5ca1472c5076675782fbaf724d6
if (DirEntry + 12 > OffsetBase + ExifLength){
ErrNonfatal("GPS info directory goes past end of exif", 0, 0);
return;
}

unsigned Tag = Get16(DirEntry, m_MotorolaOrder);
unsigned Format = Get16(DirEntry+2, m_MotorolaOrder);
unsigned Components = (unsigned)Get32(DirEntry+4, m_MotorolaOrder);
Expand Down

0 comments on commit 367cc80

Please sign in to comment.