Blame SOURCES/exiv2-CVE-2021-31291.patch

aa9105
From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001
aa9105
From: Pydera <pydera@mailbox.org>
aa9105
Date: Thu, 8 Apr 2021 17:36:16 +0200
aa9105
Subject: [PATCH] Fix out of buffer access in #1529
aa9105
aa9105
---
aa9105
 src/jp2image.cpp | 5 +++--
aa9105
 1 file changed, 3 insertions(+), 2 deletions(-)
aa9105
aa9105
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
aa9105
index 1892fd4..01a21f2 100644
aa9105
--- a/src/jp2image.cpp
aa9105
+++ b/src/jp2image.cpp
aa9105
@@ -737,9 +737,10 @@ namespace Exiv2
aa9105
 #endif
aa9105
                 box.length = io_->size() - io_->tell() + 8;
aa9105
             }
aa9105
-            if (box.length == 1)
aa9105
+            if (box.length < 8)
aa9105
             {
aa9105
-                // FIXME. Special case. the real box size is given in another place.
aa9105
+                // box is broken, so there is nothing we can do here
aa9105
+                throw Error(kerCorruptedMetadata);
aa9105
             }
aa9105
aa9105
             // Read whole box : Box header + Box data (not fixed size - can be null).