summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2023-02-08riscv64: Update config.sub and config.guessHEADtizen_8.0_m2_releaseaccepted/tizen/unified/20230222.161520accepted/tizen/8.0/unified/20231005.095038tizen_8.0tizenaccepted/tizen_unifiedaccepted/tizen_8.0_unifiedMarek Pikuła2-1986/+2461
Change-Id: Ibbce3ec52409156aa976733cf836ba2deb22130c Signed-off-by: Marek Pikuła <m.pikula@partner.samsung.com>
2020-10-23Upgrage to 0.6.22tizen_7.0_m2_releasetizen_6.5.m2_releasesubmit/tizen_6.5/20211028.163501submit/tizen/20201026.023621accepted/tizen/unified/20201028.123852accepted/tizen/7.0/unified/hotfix/20221116.110951accepted/tizen/7.0/unified/20221110.063417accepted/tizen/6.5/unified/20211029.013555tizen_7.0_hotfixtizen_7.0tizen_6.5accepted/tizen_7.0_unified_hotfixaccepted/tizen_7.0_unifiedaccepted/tizen_6.5_unifiedJeongmo Yang187-36295/+28902
Change-Id: I19b63acfb173b87854929a93779071e580f8bb98 Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
2020-06-08Ensure the MakerNote data pointers are initialized with NULL.tizen_6.0.m2_releasesubmit/tizen_6.0_hotfix/20201103.115102submit/tizen_6.0_hotfix/20201102.192902submit/tizen_6.0/20201029.205502submit/tizen/20200608.074032accepted/tizen/unified/20200609.153652accepted/tizen/6.0/unified/hotfix/20201103.050952accepted/tizen/6.0/unified/hotfix/20201102.233921accepted/tizen/6.0/unified/20201030.110329tizen_6.0_hotfixtizen_6.0accepted/tizen_6.0_unified_hotfixaccepted/tizen_6.0_unifiedDan Fandrich5-1/+5
This ensures that an uninitialized pointer isn't dereferenced later in the case where the number of components (and therefore size) is 0. This fixes the second issue reported at https://sourceforge.net/p/libexif/bugs/125/ CVE-2020-13113 Change-Id: I93a19b0d66ef34b22a4485a492be92836711eb0a Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
2020-06-08Fix MakerNote tag size overflow issues at read time.Dan Fandrich4-22/+68
Check for a size overflow while reading tags, which ensures that the size is always consistent for the given components and type of the entry, making checking further down superfluous. This provides an alternate fix for https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all the MakerNote types. Likely, this makes both commits 41bd0423 and 89e5b1c1 redundant as it ensures that MakerNote entries are well-formed when they're populated. Some improvements on top by Marcus Meissner <marcus@jet.franken.de> CVE-2020-13112 Change-Id: I334efda3fbf2b0bae831f74e8fa866303d0ec93b Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
2020-05-180.6.22 releaselibexif-0_6_22-releaseMarcus Meissner2-3/+4
fixes https://github.com/libexif/libexif/issues/12
2020-05-18SECURITY.md added to EXTRA_DIST, make distcheck otherwise does not like itMarcus Meissner1-0/+1
2020-05-17first updateMarcus Meissner1-1/+22
2020-05-17added me, some security related workMarcus Meissner1-0/+1
2020-05-17handle illegal offsets earlierMarcus Meissner1-0/+5
Bail out if an offset runs over the datasize. fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20065&q=libexif&can=2
2020-05-17Add support for Composite Image tags from Exif 2.32 (#40)Woodrow Douglass2-0/+15
2020-05-17Rename 'binary' directory to 'binary-dist' (#43)Hugh McMaster5-5/+5
* Rename 'binary' directory to 'binary-dist' Debian invokes a 'binary' target in its build process. The presence of the 'binary' directory breaks the automated build, as 'make' thinks the target has already been invoked. * Use substitution variable for 'mkdir -p' instead of hard-coding the command
2020-05-16Fix an unused variable warning.Dan Fandrich1-1/+1
2020-05-16Add a failsafe on the maximum number of Canon MakerNote subtags.Dan Fandrich1-0/+21
A malicious file could be crafted to cause extremely large values in some tags without tripping any buffer range checks. This is bad with the libexif representation of Canon MakerNotes because some arrays are turned into individual tags that the application must loop around. The largest value I've seen for failsafe_size in a (very small) sample of valid Canon files is <5000. The limit is set two orders of magnitude larger to avoid tripping up falsely in case some models use much larger values. Patch from Google. CVE-2020-13114
2020-05-16Fix stack buffer overflows in exif_content_dump and exif_entry_dump.Dan Fandrich2-10/+10
If too large an indent is given, a local buffer will overflow. This can't happen when called through exif_data_dump (which is likely the most common case) and since they are documented as being for diagnostic purposes only, this shouldn't pose too big a security risk in the wild. Reported-by: jonnygrant. (not exploitable by malicious data)
2020-05-16Ensure the MakerNote data pointers are initialized with NULL.Dan Fandrich4-0/+4
This ensures that an uninitialized pointer isn't dereferenced later in the case where the number of components (and therefore size) is 0. This fixes the second issue reported at https://sourceforge.net/p/libexif/bugs/125/ CVE-2020-13113
2020-05-16Fix MakerNote tag size overflow issues at read time.Dan Fandrich4-22/+69
Check for a size overflow while reading tags, which ensures that the size is always consistent for the given components and type of the entry, making checking further down superfluous. This provides an alternate fix for https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all the MakerNote types. Likely, this makes both commits 41bd0423 and 89e5b1c1 redundant as it ensures that MakerNote entries are well-formed when they're populated. Some improvements on top by Marcus Meissner <marcus@jet.franken.de> CVE-2020-13112
2020-05-16reduce code in fuzzerMarcus Meissner1-18/+6
2020-05-16add extern "C" wrapperMarcus Meissner1-0/+8
fixes https://github.com/libexif/libexif/issues/41
2020-05-16libexif: Fix read buffer overflow (CVE-2020-0093)Marcus Meissner1-1/+3
Make sure the number of bytes being copied from doesn't exceed the source buffer size. From Android repo: https://android.googlesource.com/platform/external/libexif/+/0335ffc17f9b9a4831c242bb08ea92f605fde7a6%5E%21/#F0 Test: testPocBug_148705132 Bug: 148705132 fixes https://github.com/libexif/libexif/issues/42
2020-04-26Switch to sourceline syntax for the toolchain PPA in Travis.Dan Fandrich1-3/+4
2020-04-25Reorganize some Travis builds.Dan Fandrich1-16/+61
Travis defaults to xenial these days, so some builds were redundant. Add gcc9, clang9 and clang10 builds. Switch the sanitize build to clang10. Add a PPC build.
2020-02-29add a SECURITY.md, describe attack surface and valid attack scenariosMarcus Meissner2-1/+44
2020-02-24Update the exif-entry.c (#32)orangesnn1-3/+4
dividing by zero
2020-02-24bugfix: change 0xa000 tag name (#38)Crane10-10/+10
According to DC-08-2012 FlashPixVersion shoule be FlashpixVersion
2020-02-23Update exif-loader.c (#33)orangesnn1-1/+1
undefined behaviour : cannot be represented in type 'int'
2020-01-18cast to unsigned int before shifting leftMarcus Meissner1-2/+2
(weird integer promotion, a unsigned char will be first tried to be promoted to "int" apparently, so we need to cast it to avoid implicit behaviour) fixes https://github.com/libexif/libexif/issues/20
2020-01-18fix CVE-2019-9278Marcus Meissner1-10/+18
avoid the use of unsafe integer overflow checking constructs (unsigned integer operations cannot overflow, so "u1 + u2 > u1" can be optimized away) check for the actual sizes, which should also handle the overflows document other places google patched, but do not seem relevant due to other restrictions fixes https://github.com/libexif/libexif/issues/26
2019-12-13cirrus: Switch the FreeBSD 12.x build to 12.1 and drop 10.4.Dan Fandrich1-3/+2
Upstream support for 10.4 ended a year ago, and it looks like the image is now gone, too. [skip ci]
2019-11-05Fix decoding of Windows XP proprietary tags on big-endian machines.Dan Fandrich3-16/+23
Reported by Thorsten Otto. Fixes #22.
2019-11-05Fix a buffer read overflow in exif_entry_get_valueDan Fandrich1-2/+2
While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past the end of a heap buffer. This was detected by the OSS Fuzz project. Patch from Google. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7344 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14543
2019-11-05EXIF_TAG_GAMMA is found in Exif 2.3Dan Fandrich1-2/+2
2019-10-17Increase the git clone depth.Dan Fandrich1-2/+4
If more commits are submitted to master between the time of triggering the first Cirrus build and the time the final build gets started, the desired commit is no longer at HEAD and the build will error out. [skip ci]
2019-10-16Add an ARM64 build on Travis.Dan Fandrich1-1/+6
2019-09-25Switch the Cirrus FreeBSD 11.x build to 11.3 and add a 13.0 build.Dan Fandrich1-3/+6
Also, select the images using image_family to get the latest snapshots automatically. [skip ci]
2019-08-09Relicensed my contributions to stdint.m4 under LGPL.Dan Fandrich1-8/+0
This brings the file under the same license as the rest of the project by default, and eliminates the ambiguous (but well-intentioned) license under which it was supplied. [skip ci]
2019-08-01Enabled -Werror on some Travis builds.Dan Fandrich1-6/+6
This will cause any compiler warnings to be treated as errors and fail the CI build. A couple of warnings are grandfathered in until they are fixed in the code. The -Werror switch can't be added to the CFLAGS on the configure command because it causes some autoconf tests to fail. Instead, it's appended to the existing flags at make time.
2019-08-01Fixed a couple of compiler warnings.Dan Fandrich2-2/+2
2019-08-01Make failmalloc disable itself on program exit.Dan Fandrich1-2/+6
Something in the Travis build environment has changed recently to cause failmalloc runs to crash while exiting due to a NULL pointer dereference in the coverage writing code. This fix causes failmalloc to automatically disable itself once main() exits so subsequent memory requests always succeed. Since the application (and library) have no control over what happens during exit cleanup anyway, this does not affect its functionality.
2019-08-01Switched a few builds to use the slightly more modern Xenial.Dan Fandrich1-6/+6
This fixes the clang6 build since the Trusty environment has started complaining that libjsoncpp0 doesn't exist when trying to install clang-6.0.
2019-07-29Add a few more NULL pointer checks.Dan Fandrich3-9/+66
Extended test-null.c to verify them. Fixes #19 (reported by jonnygrant@).
2019-07-25German translation for new Exif 2.3 tagsDirk Farin1-3/+61
2019-07-25add new tags from Exif 2.3 specificationDirk Farin2-0/+34
2019-07-19Documented some return values in the case of errors.Dan Fandrich9-11/+51
Also, added docs for a few functions that were missing them. Fixes issue #18. [skip ci]
2019-07-17Stopped printing some values as int in exif_mnote_data_get_valueDan Fandrich2-3/+3
This is the same change as the previous one but for the MakerNotes. Patch from Google.
2019-07-12Stopped printing some values as int in exif_entry_get_valueDan Fandrich1-7/+7
By leaving them as double, it avoids undefined behaviour when the values are out of the range of an int. This also has the side effect of rounding some values to the nearest integer, improving display accuracy. Patch from Google.
2019-07-12Added a comment regarding malformed UTF-16 strings.Dan Fandrich1-0/+4
2019-07-12Avoid OOB read on short buffer in various Olympus-like MakerNotes.Dan Fandrich1-12/+7
A sanity check on entry to the block ensures a minimum buffer size, so a few other checks were redundant and could actually be removed. This improves on commit a0c04d9c. Fixes https://sourceforge.net/p/libexif/bugs/132/ found by the Google Autofuzz project. Patch from Google.
2019-06-15fixed a buffer overread (OSS-Fuzz)Marcus Meissner1-1/+1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8884
2019-05-21Increase git clone depth in Travis.Dan Fandrich1-1/+2
The value of 1 caused problems when more than one commit was pushed but the most recent commit(s) had a "skip ci" note. Travis would try to build from a prior new commit without the tag but it would fail because only the most recent was available.
2019-05-21Removed some extraneous space characters from translations.Dan Fandrich6-15/+15
[skip ci]