Commit e408cc87 authored by J0WI's avatar J0WI Committed by Ariadne Conill
Browse files

community/exiv2: security upgrade to 0.27.4

rollup of these commits from edge:

community/exiv2: upgrade to 0.27.4
community/exiv2: update secfixes
community/exiv2: update secfixes for CVE-2021-29464
parent d0ebda01
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=exiv2
pkgver=0.27.3
pkgrel=2
pkgver=0.27.4
pkgrel=0
pkgdesc="Exif and Iptc metadata manipulation library and tools."
url="https://exiv2.org"
url="https://exiv2.org/"
arch="all"
options="!check" # No test suite.
license="GPL-2.0-or-later"
depends_dev="expat-dev zlib-dev"
makedepends="$depends_dev cmake"
subpackages="$pkgname-dev $pkgname-doc"
source="https://exiv2.org/builds/exiv2-$pkgver-Source.tar.gz
CVE-2021-3482.patch
CVE-2021-29457.patch
CVE-2021-29458.patch
CVE-2021-29463.patch
CVE-2021-29470.patch
CVE-2021-29473.patch
CVE-2021-29623.patch
CVE-2021-32617.patch"
source="https://exiv2.org/builds/exiv2-$pkgver-Source.tar.gz"
builddir="$srcdir"/$pkgname-$pkgver-Source
prepare() {
......@@ -34,6 +26,8 @@ prepare() {
}
# secfixes:
# 0.27.4-r0:
# - CVE-2021-29464
# 0.27.3-r2:
# - CVE-2021-29463
# - CVE-2021-29470
......@@ -44,6 +38,7 @@ prepare() {
# - CVE-2021-3482
# - CVE-2021-29457
# - CVE-2021-29458
# - CVE-2021-31291
# 0.27.2-r6:
# - CVE-2019-20421
# 0.27.2-r2:
......@@ -75,13 +70,5 @@ package() {
}
sha512sums="
3f5758ee862b811eeb89cc75fc2bbd8bf10329efa2ce1e68555cdc7729faa6cfd1603e0cc859fbdbe6d8fd5e53bd9b9e6d869d8a20ed17497bf87ce78c005de9 exiv2-0.27.3-Source.tar.gz
9c3f52881df19ca2be9a66480642f5fb91d4be0dd3e513902ec4336536736ec37447df452a775dd933dc011de9d8c4ca3760e3c7545ab5d150876d9dab64bd06 CVE-2021-3482.patch
27c187c1eb1b3118e8dc3342c1ba7700a522f6e05083b3a4540c2490580320f3e59eb06a1f6abc98ad28f6a3ccb91351ee56caaa9befbb2dc6c5ea1567c711f2 CVE-2021-29457.patch
d892622c53b1ba5ac48c33a599f37853c8471cce82ae14679d33df17f1251b2e353ce2436c1c730a9a8d1e8bfd9175f7b79263e9b402ecf3ac024db69d10c0e0 CVE-2021-29458.patch
e885b5bb23b317a7050869b2bcb244fd8744ce2f6019285c8bf5dc2f16c37cb4fc76b9e214fe0fff14529bd49c63d968c8c04908841c5c9cf74c5bb9a6eb9363 CVE-2021-29463.patch
5fac2406f45439983cc6334968c238952e6ce1d84b6f665114a2dfee306bbafc02279ebcb6bda06dd22ac47117496126d9e2e1ff9882e0c03794bce781670c33 CVE-2021-29470.patch
fcb726d7fb2de1709f7f7a43ceb55b29c18c3f55f4872671e13874af219c563a05aa0d6b87c7e86b9e544d618e9ea3638cf3e830f597587b5ae0736222cccc80 CVE-2021-29473.patch
fbe5daabbcedd40474d4a5bdf79886408325768dd3cd81ab0f6332efca48e26239a600ff770788461b825146e2ad97ec334f74ea8e2d4121e8204bd95f3bfabb CVE-2021-29623.patch
565a43fb1fef12d82adc77f01ffbb90a410c8061b1cf20e1fe95faece9727274ebaa3ba3b50c4d08a6e8e7b9b5daf624198d32b02e9d88c2b8f01bf93bd9046b CVE-2021-32617.patch
f6798baafb36a54ba5bc65c2d28d4f4469e298582c90b417eb437b5dbda8e11963fb3314e8419717b3815ee8c3a68955cddc79e45351d9f2c165a0b73eb7b7be exiv2-0.27.4-Source.tar.gz
"
From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
From: Pydera <pydera@mailbox.org>
Date: Thu, 8 Apr 2021 17:36:16 +0200
Subject: [PATCH] Fix out of buffer access in #1529
---
src/jp2image.cpp | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 88ab9b2d6..12025f966 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
#endif
box.length = (uint32_t) (io_->size() - io_->tell() + 8);
}
- if (box.length == 1)
+ if (box.length < 8)
{
- // FIXME. Special case. the real box size is given in another place.
+ // box is broken, so there is nothing we can do here
+ throw Error(kerCorruptedMetadata);
}
// Read whole box : Box header + Box data (not fixed size - can be null).
From 0a91b56616404f7b29ca28deb01ce18b767d1871 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 9 Apr 2021 13:26:23 +0100
Subject: [PATCH 1/5] Fix incorrect delete.
---
src/crwimage_int.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index a44a67e2c..6f89fa8b8 100644
--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
@@ -579,7 +579,7 @@ namespace Exiv2 {
void CiffComponent::setValue(DataBuf buf)
{
if (isAllocated_) {
- delete pData_;
+ delete[] pData_;
pData_ = 0;
size_ = 0;
}
From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 9 Apr 2021 13:37:48 +0100
Subject: [PATCH 3/5] Fix integer overflow.
---
src/crwimage_int.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index 6f89fa8b8..7b958c26f 100644
--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
@@ -1187,7 +1187,11 @@ namespace Exiv2 {
pCrwMapping->crwDir_);
if (edX != edEnd || edY != edEnd || edO != edEnd) {
uint32_t size = 28;
- if (cc && cc->size() > size) size = cc->size();
+ if (cc) {
+ if (cc->size() < size)
+ throw Error(kerCorruptedMetadata);
+ size = cc->size();
+ }
DataBuf buf(size);
std::memset(buf.pData_, 0x0, buf.size_);
if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
From 783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 19 Apr 2021 18:06:00 +0100
Subject: [PATCH] Improve bound checking in WebPImage::doWriteMetadata()
---
src/webpimage.cpp | 41 ++++++++++++++++++++++++++++++-----------
1 file changed, 30 insertions(+), 11 deletions(-)
diff --git a/src/webpimage.cpp b/src/webpimage.cpp
index 4ddec544c..fee110bca 100644
--- a/src/webpimage.cpp
+++ b/src/webpimage.cpp
@@ -145,7 +145,7 @@ namespace Exiv2 {
DataBuf chunkId(WEBP_TAG_SIZE+1);
chunkId.pData_ [WEBP_TAG_SIZE] = '\0';
- io_->read(data, WEBP_TAG_SIZE * 3);
+ readOrThrow(*io_, data, WEBP_TAG_SIZE * 3, Exiv2::kerCorruptedMetadata);
uint64_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian);
/* Set up header */
@@ -185,13 +185,20 @@ namespace Exiv2 {
case we have any exif or xmp data, also check
for any chunks with alpha frame/layer set */
while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
- io_->read(chunkId.pData_, WEBP_TAG_SIZE);
- io_->read(size_buff, WEBP_TAG_SIZE);
- long size = Exiv2::getULong(size_buff, littleEndian);
+ readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
+ readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata);
+ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
+
+ // Check that `size_u32` is safe to cast to `long`.
+ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
+ Exiv2::kerCorruptedMetadata);
+ const long size = static_cast<long>(size_u32);
DataBuf payload(size);
- io_->read(payload.pData_, payload.size_);
- byte c;
- if ( payload.size_ % 2 ) io_->read(&c,1);
+ readOrThrow(*io_, payload.pData_, payload.size_, Exiv2::kerCorruptedMetadata);
+ if ( payload.size_ % 2 ) {
+ byte c;
+ readOrThrow(*io_, &c, 1, Exiv2::kerCorruptedMetadata);
+ }
/* Chunk with information about features
used in the file. */
@@ -199,6 +206,7 @@ namespace Exiv2 {
has_vp8x = true;
}
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_size) {
+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf[WEBP_TAG_SIZE];
@@ -227,6 +235,7 @@ namespace Exiv2 {
}
#endif
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_size) {
+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf[2];
@@ -244,11 +253,13 @@ namespace Exiv2 {
/* Chunk with with lossless image data. */
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_alpha) {
+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
if ((payload.pData_[4] & WEBP_VP8X_ALPHA_BIT) == WEBP_VP8X_ALPHA_BIT) {
has_alpha = true;
}
}
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_size) {
+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf_w[2];
byte size_buf_h[3];
@@ -276,11 +287,13 @@ namespace Exiv2 {
/* Chunk with animation frame. */
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_alpha) {
+ enforce(size >= 6, Exiv2::kerCorruptedMetadata);
if ((payload.pData_[5] & 0x2) == 0x2) {
has_alpha = true;
}
}
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_size) {
+ enforce(size >= 12, Exiv2::kerCorruptedMetadata);
has_size = true;
byte size_buf[WEBP_TAG_SIZE];
@@ -309,16 +322,22 @@ namespace Exiv2 {
io_->seek(12, BasicIo::beg);
while ( !io_->eof() && (uint64_t) io_->tell() < filesize) {
- io_->read(chunkId.pData_, 4);
- io_->read(size_buff, 4);
+ readOrThrow(*io_, chunkId.pData_, 4, Exiv2::kerCorruptedMetadata);
+ readOrThrow(*io_, size_buff, 4, Exiv2::kerCorruptedMetadata);
+
+ const uint32_t size_u32 = Exiv2::getULong(size_buff, littleEndian);
- long size = Exiv2::getULong(size_buff, littleEndian);
+ // Check that `size_u32` is safe to cast to `long`.
+ enforce(size_u32 <= static_cast<size_t>(std::numeric_limits<unsigned int>::max()),
+ Exiv2::kerCorruptedMetadata);
+ const long size = static_cast<long>(size_u32);
DataBuf payload(size);
- io_->read(payload.pData_, size);
+ readOrThrow(*io_, payload.pData_, size, Exiv2::kerCorruptedMetadata);
if ( io_->tell() % 2 ) io_->seek(+1,BasicIo::cur); // skip pad
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X)) {
+ enforce(size >= 1, Exiv2::kerCorruptedMetadata);
if (has_icc){
payload.pData_[0] |= WEBP_VP8X_ICC_BIT;
} else {
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 0de088d..6310c08 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -645,13 +645,16 @@ static void boxes_check(size_t b,size_t m)
DataBuf output(boxBuf.size_ + iccProfile_.size_ + 100); // allocate sufficient space
int outlen = sizeof(Jp2BoxHeader) ; // now many bytes have we written to output?
int inlen = sizeof(Jp2BoxHeader) ; // how many bytes have we read from boxBuf?
+ enforce(sizeof(Jp2BoxHeader) <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
Jp2BoxHeader* pBox = (Jp2BoxHeader*) boxBuf.pData_;
int32_t length = getLong((byte*)&pBox->length, bigEndian);
+ enforce(length <= static_cast<size_t>(output.size_), Exiv2::kerCorruptedMetadata);
int32_t count = sizeof (Jp2BoxHeader);
char* p = (char*) boxBuf.pData_;
bool bWroteColor = false ;
while ( count < length || !bWroteColor ) {
+ enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
// copy data. pointer could be into a memory mapped file which we will decode!
From e6a0982f7cd9282052b6e3485a458d60629ffa0b Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 23 Apr 2021 11:44:44 +0100
Subject: [PATCH 2/2] Add bounds check in Jp2Image::doWriteMetadata().
---
src/jp2image.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 1694fed27..ca8c9ddbb 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -908,6 +908,7 @@ static void boxes_check(size_t b,size_t m)
case kJp2BoxTypeUuid:
{
+ enforce(boxBuf.size_ >= 24, Exiv2::kerCorruptedMetadata);
if(memcmp(boxBuf.pData_ + 8, kJp2UuidExif, 16) == 0)
{
#ifdef EXIV2_DEBUG_MESSAGES
From 82e46b5524fb904e6660dadd2c6d8e5e47375a1a Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Tue, 11 May 2021 12:14:33 +0100
Subject: [PATCH] Use readOrThrow to check error conditions of iIo.read().
---
src/webpimage.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/webpimage.cpp b/src/webpimage.cpp
index 7c64ff3d7..ca26e514a 100644
--- a/src/webpimage.cpp
+++ b/src/webpimage.cpp
@@ -754,9 +754,9 @@ namespace Exiv2 {
byte webp[len];
byte data[len];
byte riff[len];
- iIo.read(riff, len);
- iIo.read(data, len);
- iIo.read(webp, len);
+ readOrThrow(iIo, riff, len, Exiv2::kerCorruptedMetadata);
+ readOrThrow(iIo, data, len, Exiv2::kerCorruptedMetadata);
+ readOrThrow(iIo, webp, len, Exiv2::kerCorruptedMetadata);
bool matched_riff = (memcmp(riff, RiffImageId, len) == 0);
bool matched_webp = (memcmp(webp, WebPImageId, len) == 0);
iIo.seek(-12, BasicIo::cur);
From c261fbaa2567687eec6a595d3016212fd6ae648d Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sun, 16 May 2021 15:05:08 +0100
Subject: [PATCH] Fix quadratic complexity performance bug.
---
xmpsdk/src/XMPMeta-Parse.cpp | 57 +++++++++++++++++++++++-------------
1 file changed, 36 insertions(+), 21 deletions(-)
diff --git a/xmpsdk/src/XMPMeta-Parse.cpp b/xmpsdk/src/XMPMeta-Parse.cpp
index 9f66fe8..f9c37d7 100644
--- a/xmpsdk/src/XMPMeta-Parse.cpp
+++ b/xmpsdk/src/XMPMeta-Parse.cpp
@@ -976,12 +976,26 @@ ProcessUTF8Portion ( XMLParserAdapter * xmlParser,
{
const XMP_Uns8 * bufEnd = buffer + length;
- const XMP_Uns8 * spanStart = buffer;
const XMP_Uns8 * spanEnd;
-
- for ( spanEnd = spanStart; spanEnd < bufEnd; ++spanEnd ) {
- if ( (0x20 <= *spanEnd) && (*spanEnd <= 0x7E) && (*spanEnd != '&') ) continue; // A regular ASCII character.
+ // `buffer` is copied into this std::string. If `buffer` only
+ // contains valid UTF-8 and no escape characters, then the copy
+ // will be identical to the original, but invalid characters are
+ // replaced - usually with a space character. This std::string was
+ // added as a performance fix for:
+ // https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
+ // Previously, the code was repeatedly calling
+ // `xmlParser->ParseBuffer()`, which turned out to have quadratic
+ // complexity, because expat kept reparsing the entire string from
+ // the beginning.
+ std::string copy;
+
+ for ( spanEnd = buffer; spanEnd < bufEnd; ++spanEnd ) {
+
+ if ( (0x20 <= *spanEnd) && (*spanEnd <= 0x7E) && (*spanEnd != '&') ) {
+ copy.push_back(*spanEnd);
+ continue; // A regular ASCII character.
+ }
if ( *spanEnd >= 0x80 ) {
@@ -992,21 +1006,20 @@ ProcessUTF8Portion ( XMLParserAdapter * xmlParser,
if ( uniLen > 0 ) {
// A valid UTF-8 character, keep it as-is.
+ copy.append((const char*)spanEnd, uniLen);
spanEnd += uniLen - 1; // ! The loop increment will put back the +1.
} else if ( (uniLen < 0) && (! last) ) {
// Have a partial UTF-8 character at the end of the buffer and more input coming.
- xmlParser->ParseBuffer ( spanStart, (spanEnd - spanStart), false );
+ xmlParser->ParseBuffer ( copy.c_str(), copy.size(), false );
return (spanEnd - buffer);
} else {
// Not a valid UTF-8 sequence. Replace the first byte with the Latin-1 equivalent.
- xmlParser->ParseBuffer ( spanStart, (spanEnd - spanStart), false );
const char * replacement = kReplaceLatin1 [ *spanEnd - 0x80 ];
- xmlParser->ParseBuffer ( replacement, strlen ( replacement ), false );
- spanStart = spanEnd + 1; // ! The loop increment will do "spanEnd = spanStart".
+ copy.append ( replacement );
}
@@ -1014,11 +1027,12 @@ ProcessUTF8Portion ( XMLParserAdapter * xmlParser,
// Replace ASCII controls other than tab, LF, and CR with a space.
- if ( (*spanEnd == kTab) || (*spanEnd == kLF) || (*spanEnd == kCR) ) continue;
+ if ( (*spanEnd == kTab) || (*spanEnd == kLF) || (*spanEnd == kCR) ) {
+ copy.push_back(*spanEnd);
+ continue;
+ }
- xmlParser->ParseBuffer ( spanStart, (spanEnd - spanStart), false );
- xmlParser->ParseBuffer ( " ", 1, false );
- spanStart = spanEnd + 1; // ! The loop increment will do "spanEnd = spanStart".
+ copy.push_back(' ');
} else {
@@ -1030,18 +1044,21 @@ ProcessUTF8Portion ( XMLParserAdapter * xmlParser,
if ( escLen < 0 ) {
// Have a partial numeric escape in this buffer, wait for more input.
- if ( last ) continue; // No more buffers, not an escape, absorb as normal input.
- xmlParser->ParseBuffer ( spanStart, (spanEnd - spanStart), false );
+ if ( last ) {
+ copy.push_back('&');
+ continue; // No more buffers, not an escape, absorb as normal input.
+ }
+ xmlParser->ParseBuffer ( copy.c_str(), copy.size(), false );
return (spanEnd - buffer);
} else if ( escLen > 0 ) {
// Have a complete numeric escape to replace.
- xmlParser->ParseBuffer ( spanStart, (spanEnd - spanStart), false );
- xmlParser->ParseBuffer ( " ", 1, false );
- spanStart = spanEnd + escLen;
- spanEnd = spanStart - 1; // ! The loop continuation will increment spanEnd!
+ copy.push_back(' ');
+ spanEnd = spanEnd + escLen - 1; // ! The loop continuation will increment spanEnd!
+ } else {
+ copy.push_back('&');
}
}
@@ -1050,8 +1067,8 @@ ProcessUTF8Portion ( XMLParserAdapter * xmlParser,
XMP_Assert ( spanEnd == bufEnd );
- if ( spanStart < bufEnd ) xmlParser->ParseBuffer ( spanStart, (spanEnd - spanStart), false );
- if ( last ) xmlParser->ParseBuffer ( " ", 1, true );
+ copy.push_back(' ');
+ xmlParser->ParseBuffer ( copy.c_str(), copy.size(), true );
return length;
From 22ea582c6b74ada30bec3a6b15de3c3e52f2b4da Mon Sep 17 00:00:00 2001
From: Robin Mills <robin@clanmills.com>
Date: Mon, 5 Apr 2021 20:33:25 +0100
Subject: [PATCH] fix_1522_jp2image_exif_asan
---
src/jp2image.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index eb31cea4a..88ab9b2d6 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -28,6 +28,7 @@
#include "image.hpp"
#include "image_int.hpp"
#include "basicio.hpp"
+#include "enforce.hpp"
#include "error.hpp"
#include "futils.hpp"
#include "types.hpp"
@@ -353,7 +354,7 @@ static void boxes_check(size_t b,size_t m)
if (io_->error()) throw Error(kerFailedToReadImageData);
if (bufRead != rawData.size_) throw Error(kerInputDataReadFailed);
- if (rawData.size_ > 0)
+ if (rawData.size_ > 8) // "II*\0long"
{
// Find the position of Exif header in bytes array.
long pos = ( (rawData.pData_[0] == rawData.pData_[1])
@@ -497,6 +498,7 @@ static void boxes_check(size_t b,size_t m)
position = io_->tell();
box.length = getLong((byte*)&box.length, bigEndian);
box.type = getLong((byte*)&box.type, bigEndian);
+ enforce(box.length <= io_->size()-io_->tell() , Exiv2::kerCorruptedMetadata);
if (bPrint) {
out << Internal::stringFormat("%8ld | %8ld | ", (size_t)(position - sizeof(box)),
@@ -581,12 +583,13 @@ static void boxes_check(size_t b,size_t m)
throw Error(kerInputDataReadFailed);
if (bPrint) {
- out << Internal::binaryToString(makeSlice(rawData, 0, 40));
+ out << Internal::binaryToString(
+ makeSlice(rawData, 0, rawData.size_>40?40:rawData.size_));
out.flush();
}
lf(out, bLF);
- if (bIsExif && bRecursive && rawData.size_ > 0) {
+ if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
if ((rawData.pData_[0] == rawData.pData_[1]) &&
(rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) {
BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment