summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Fandrich <dan@coneharvesters.com>2020-05-16 19:29:21 +0200
committerJeongmo Yang <jm80.yang@samsung.com>2020-06-08 12:44:34 +0900
commitb3fd1b4c572667275713f2e7adae0fad548d311f (patch)
tree4cdfe65b2fe3979096fdac30bb644f927053407e
parent5819a64fcec0610e4ab984887e141c1a619d8687 (diff)
downloadlibexif-accepted/tizen_6.0_unified.tar.gz
libexif-accepted/tizen_6.0_unified.tar.bz2
libexif-accepted/tizen_6.0_unified.zip
This ensures that an uninitialized pointer isn't dereferenced later in the case where the number of components (and therefore size) is 0. This fixes the second issue reported at https://sourceforge.net/p/libexif/bugs/125/ CVE-2020-13113 Change-Id: I93a19b0d66ef34b22a4485a492be92836711eb0a Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
-rw-r--r--libexif/canon/exif-mnote-data-canon.c1
-rw-r--r--libexif/fuji/exif-mnote-data-fuji.c1
-rw-r--r--libexif/olympus/exif-mnote-data-olympus.c1
-rw-r--r--libexif/pentax/exif-mnote-data-pentax.c1
-rw-r--r--packaging/libexif.spec2
5 files changed, 5 insertions, 1 deletions
diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c
index 5c043cf..52f851b 100644
--- a/libexif/canon/exif-mnote-data-canon.c
+++ b/libexif/canon/exif-mnote-data-canon.c
@@ -234,6 +234,7 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
+ memset(&n->entries[tcount], 0, sizeof(MnoteCanonEntry));
if (CHECKOVERFLOW(o,buf_size,12)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index a0bcb67..2de0f67 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -198,6 +198,7 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
+ memset(&n->entries[tcount], 0, sizeof(MnoteFujiEntry));
if (CHECKOVERFLOW(o, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index 4d158ce..45e4bc5 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -433,6 +433,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = o2; i; --i, o += 12) {
size_t s;
+ memset(&n->entries[tcount], 0, sizeof(MnoteOlympusEntry));
if (CHECKOVERFLOW(o, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteOlympus", "Short MakerNote");
diff --git a/libexif/pentax/exif-mnote-data-pentax.c b/libexif/pentax/exif-mnote-data-pentax.c
index 319d4c6..c23a7e4 100644
--- a/libexif/pentax/exif-mnote-data-pentax.c
+++ b/libexif/pentax/exif-mnote-data-pentax.c
@@ -280,6 +280,7 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
+ memset(&n->entries[tcount], 0, sizeof(MnotePentaxEntry));
if (CHECKOVERFLOW(o,buf_size,12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");
diff --git a/packaging/libexif.spec b/packaging/libexif.spec
index c6030ed..6a92be7 100644
--- a/packaging/libexif.spec
+++ b/packaging/libexif.spec
@@ -1,6 +1,6 @@
Name: libexif
Version: 0.6.21
-Release: 3
+Release: 4
License: LGPL-2.1
Summary: An EXIF Tag Parsing Library for Digital Cameras
Url: http://libexif.sourceforge.net