author | Jiyong Min <jiyong.min@samsung.com> | 2017-11-02 10:41:53 +0900 |
---|---|---|
committer | Jiyong Min <jiyong.min@samsung.com> | 2017-11-02 10:43:19 +0900 |
commit | cdbc0eea9eb7c71707cd3863ea9a29e00b781488 (patch) | |
tree | f1603a5fe85ef929c128bcc1d76fa4682b202f45 /src/media-thumb-internal.c | |
parent | 945b9dea738e3eaf25579c57fc807870f33c5f51 (diff) | |
Apply security patch (revision:09b9e1da804ae6e254f14dc9a31df751255db595)
submit/tizen_3.0/20171102.073924 accepted/tizen/3.0/wearable/20171107.215417 accepted/tizen/3.0/tv/20171107.215358 accepted/tizen/3.0/mobile/20171107.215339 accepted/tizen/3.0/common/20171108.094354 tizen_3.0 accepted/tizen_3.0_wearable accepted/tizen_3.0_tv accepted/tizen_3.0_mobile accepted/tizen_3.0_common
- Fix security issues
: SATIZENVUL-915, SATIZENVUL-926, SATIZENVUL-956
Change-Id: I1266213f645c33374ddedde27e918da0f2d54f65
Signed-off-by: Jiyong Min <jiyong.min@samsung.com>
Diffstat (limited to 'src/media-thumb-internal.c')
-rwxr-xr-x | src/media-thumb-internal.c | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/src/media-thumb-internal.c b/src/media-thumb-internal.c
index dfa825b..180f8de 100755
--- a/src/media-thumb-internal.c
+++ b/src/media-thumb-internal.c
@@ -368,20 +368,31 @@ int _media_thumb_get_exif_info(ExifData *ed, char *buf, int max_size, int *value
 ExifByteOrder mByteOrder = exif_data_get_byte_order(ed);
 short exif_value = exif_get_short(entry->data, mByteOrder);
 *value = (int)exif_value;
- } else {
- /* Get the contents of the tag in human-readable form */
- if (buf == NULL) {
- thumb_err("buf is NULL");
- return MS_MEDIA_ERR_INVALID_PARAMETER;
- }
- exif_entry_get_value(entry, buf, max_size);
- buf[strlen(buf)] = '\0';
 }
 }
 return MS_MEDIA_ERR_NONE;
 }
+static int __media_thumb_safe_atoi(char *buffer, int *si)
+{
+ char *end = NULL;
+ errno = 0;
+ thumb_retvm_if(buffer == NULL || si == NULL, MS_MEDIA_ERR_INTERNAL, "invalid parameter");
+
+ const long sl = strtol(buffer, &end, 10);
+
+ thumb_retvm_if(end == buffer, MS_MEDIA_ERR_INTERNAL, "not a decimal number");
+ thumb_retvm_if('\0' != *end, MS_MEDIA_ERR_INTERNAL, "extra characters at end of input: %s", end);
+ thumb_retvm_if((LONG_MIN == sl || LONG_MAX == sl) && (ERANGE == errno), MS_MEDIA_ERR_INTERNAL, "out of range of type long");
+ thumb_retvm_if(sl > INT_MAX, MS_MEDIA_ERR_INTERNAL, "greater than INT_MAX");
+ thumb_retvm_if(sl < INT_MIN, MS_MEDIA_ERR_INTERNAL, "less than INT_MIN");
+
+ *si = (int)sl;
+
+ return MS_MEDIA_ERR_NONE;
+}
+
 static int _media_thumb_get_data_from_exif(ExifData *ed,
 void **thumb_data,
 int *thumb_size,
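Review bot: `__media_thumb_safe_atoi` carries no comment stating its contract, and that contract is stricter than the `atoi` it replaces: on an empty string, trailing characters or an out-of-range value it returns MS_MEDIA_ERR_INTERNAL and never writes `*si`. I would add above it `/* Parse a base-10 int from buffer; on any parse or range error return MS_MEDIA_ERR_INTERNAL and leave *si untouched. */` so callers know the result must be checked. The string is only read, so the parameter can be `const char *buffer`, and a name starting with two underscores is reserved for the implementation in C. The helper uses `errno`, `ERANGE`, `LONG_MIN` and `INT_MAX`, and no hunk adds `<errno.h>` or `<limits.h>`; the file's include block is outside this diff, so confirm they are already pulled in.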
@@ -419,7 +430,12 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
 /* copy the real thumbnail data from exif data */
 if (ed->data && ed->size) {
- //thumb_dbg("Size: %d, thumb: 0x%x", ed->size, ed->data);
+ /* NOTICE : ExifData->size type is unsigned int, But Internal IPC, and CAPI use int */
+ if (ed->size > INT_MAX) {
+ thumb_err("EXIF thumbnail size is over INT_MAX");
+ return MS_MEDIA_ERR_THUMB_TOO_BIG;
+ }
+
 *thumb_data = (char *)malloc(ed->size);
 if (*thumb_data == NULL) {
@@ -442,8 +458,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
 /* Get the contents of the tag in human-readable form */
 char width[10] = {0,};
 exif_entry_get_value(entry, width, 10);
-
- *thumb_width = atoi(width);
+ __media_thumb_safe_atoi(width, thumb_width);
 } else {
 thumb_warn("EXIF_TAG_IMAGE_WIDTH does not exist");
 *thumb_width = 0;
@@ -455,8 +470,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
 /* Get the contents of the tag in human-readable form */
 char height[10] = {0, };
 exif_entry_get_value(entry, height, 10);
-
- *thumb_height = atoi(height);
+ __media_thumb_safe_atoi(height, thumb_height);
 } else {
 thumb_warn("EXIF_TAG_IMAGE_LENGTH does not exist");
 *thumb_height = 0;
@@ -472,8 +486,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
 if (entry) {
 char width[10] = {0,};
 exif_entry_get_value(entry, width, 10);
-
- *origin_width = atoi(width);
+ __media_thumb_safe_atoi(width, origin_width);
 } else {
 thumb_warn("EXIF_TAG_PIXEL_X_DIMENSION does not exist");
 *origin_width = 0;
@@ -485,8 +498,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
 if (entry) {
 char height[10] = {0, };
 exif_entry_get_value(entry, height, 10);
-
- *origin_height = atoi(height);
+ __media_thumb_safe_atoi(height, origin_height);
 } else {
 thumb_warn("EXIF_TAG_PIXEL_Y_DIMENSION does not exist");
 *origin_height = 0; |
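Review bot: The new bound inside `if (ed->data && ed->size)` only guarantees that `ed->size` fits in an `int`; a size taken from the file's EXIF block can still drive the following `malloc` up to INT_MAX bytes. An embedded thumbnail is normally small, so a project-chosen cap would be a tighter guard against memory exhaustion from a crafted file, e.g. `if (ed->size > MAX_EXIF_THUMB_BYTES /* placeholder: project-defined limit */) {`. Whether libexif already bounds `ed->size` by the input length is not visible here. The comment would also read more clearly as `/* ExifData->size is unsigned int, but the internal IPC and CAPI carry the size as int */`. The function starts and ends outside this hunk.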
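Review bot: All four call sites (`thumb_width` in this hunk, and `thumb_height`, `origin_width`, `origin_height` in the three hunks after it) discard the return value of `__media_thumb_safe_atoi`, which does not write its output when parsing fails. Where `atoi` always assigned a number, an empty or malformed EXIF string now leaves the caller's variable holding whatever it had before, possibly uninitialized; the callers are outside this diff, so that is unconfirmed. Assign a fallback on error, e.g. `if (__media_thumb_safe_atoi(width, thumb_width) != MS_MEDIA_ERR_NONE) *thumb_width = 0;`, matching the `else` branch that already zeroes the value when the tag is absent. The helper also accepts negative numbers, so a negative-dimension check after a successful parse is worth adding. The enclosing function starts and ends outside these hunks.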