summary refs log tree commit diff
path: root/gnu/packages/patches/libexif-CVE-2017-7544.patch
blob: c4ea373dc52d6f282a8cabac49412e9694a84fbc (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Fix CVE-2017-7544:

https://sourceforge.net/p/libexif/bugs/130/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544

Patch copied from upstream bug tracker:

https://sourceforge.net/p/libexif/bugs/130/#489a

Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.131
diff -u -r1.131 exif-data.c
--- a/libexif/exif-data.c	12 Jul 2012 17:28:26 -0000	1.131
+++ b/libexif/exif-data.c	25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
 			e->components = e->size;
+			if (exif_format_get_size (e->format) != 1) {
+				/* e->format is taken from input code,
+				 * but we need to make sure it is a 1 byte
+				 * entity due to the multiplication below. */
+				e->format = EXIF_FORMAT_UNDEFINED;
+			}
 		}
 	}