void-packages/srcpkgs/jhead/patches/CVE-2018-6612.patch

From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat, 3 Feb 2018 10:23:09 +0100
Subject: Fix heap buffer overflow

Bug-Debian: http://bugs.debian.org/889272

---
 exif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exif.c b/exif.c
index bcde6c8..1dee145 100644
--- exif.c
+++ exif.c
@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length)
 
     FirstOffset = Get32u(ExifSection+12);
     if (FirstOffset < 8 || FirstOffset > 16){
-        if (FirstOffset < 16 || FirstOffset > length-16){
+        if (FirstOffset < 16 || length < 16 || FirstOffset > length-16){
             ErrNonfatal("invalid offset for first Exif IFD value",0,0);
             return;
         }
jhead: fix CVE-2018-16554 CVE-2018-17088 CVE-2018-6612 2018-10-03 17:40:21 +02:00			`From: Ludovic Rousseau <rousseau@debian.org>`
			`Date: Sat, 3 Feb 2018 10:23:09 +0100`
			`Subject: Fix heap buffer overflow`

			`Bug-Debian: http://bugs.debian.org/889272`

			`---`
			`exif.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/exif.c b/exif.c`
			`index bcde6c8..1dee145 100644`
			`--- exif.c`
			`+++ exif.c`
			`@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length)`

			`FirstOffset = Get32u(ExifSection+12);`
			`if (FirstOffset < 8 \|\| FirstOffset > 16){`
			`- if (FirstOffset < 16 \|\| FirstOffset > length-16){`
			`+ if (FirstOffset < 16 \|\| length < 16 \|\| FirstOffset > length-16){`
			`ErrNonfatal("invalid offset for first Exif IFD value",0,0);`
			`return;`
			`}`