diff options
| author |   Jeremy Huddleston <eradicator@gentoo.org> | 2005-05-10 06:07:47 +0000 |
|---|---|---|
| committer | Jeremy Huddleston <eradicator@gentoo.org> | 2005-05-10 06:07:47 +0000 |
| commit | c7010ad9cd2f5085dc3f5030a4de5f8ba8042473 (patch) | |
| tree | ea5694039d91b8c62b7e30bdee03df8c6b5f0635 /media-libs/libexif/files/libexif-0.6.12-recurse.patch | |
| parent | version bump to 1.0.3 (currently masked until testing is done); stablize 0.9.... (diff) | |
| download | gentoo-2-c7010ad9cd2f5085dc3f5030a4de5f8ba8042473.tar.gz gentoo-2-c7010ad9cd2f5085dc3f5030a4de5f8ba8042473.tar.bz2 gentoo-2-c7010ad9cd2f5085dc3f5030a4de5f8ba8042473.zip | |
Revbump to fix security bug #92035. Stable on amd64, sparc, and x86.
(Portage version: 2.0.51.21-r1)
Diffstat (limited to 'media-libs/libexif/files/libexif-0.6.12-recurse.patch')
| -rw-r--r-- | media-libs/libexif/files/libexif-0.6.12-recurse.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/media-libs/libexif/files/libexif-0.6.12-recurse.patch b/media-libs/libexif/files/libexif-0.6.12-recurse.patch new file mode 100644 index 000000000000..acd1caecb50f --- /dev/null +++ b/media-libs/libexif/files/libexif-0.6.12-recurse.patch @@ -0,0 +1,70 @@ +--- libexif-0.6.12/libexif/exif-data.c.recurse 2005-05-06 13:35:17.610294000 -0400 ++++ libexif-0.6.12/libexif/exif-data.c 2005-05-06 13:37:35.112654000 -0400 +@@ -284,9 +284,10 @@ + } + + static void +-exif_data_load_data_content (ExifData *data, ExifContent *ifd, +- const unsigned char *d, +- unsigned int ds, unsigned int offset) ++exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd, ++ const unsigned char *d, ++ unsigned int ds, unsigned int offset, ++ unsigned int level) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -296,6 +297,13 @@ + + if (!data || !data->priv) return; + ++ if (level > 150) ++ { ++ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", ++ "Deep recursion in exif_data_load_data_content"); ++ return 0; ++ } ++ + /* Read the number of entries */ + if (offset >= ds - 1) return; + n = exif_get_short (d + offset, data->priv->order); +@@ -320,18 +328,18 @@ + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_EXIF], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_GPS], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, +- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o); ++ exif_data_load_data_content_recurse (data, ++ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; +@@ -373,6 +381,14 @@ + } + + static void ++exif_data_load_data_content (ExifData *data, ExifContent *ifd, ++ const unsigned char *d, ++ unsigned int ds, unsigned int offset) ++{ ++ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0); ++} ++ ++static void + exif_data_save_data_content (ExifData *data, ExifContent *ifd, + unsigned char **d, unsigned int *ds, + unsigned int offset) |