Blame SOURCES/exiv2-CVE-2021-37619.patch

f77525
From 9be257340193dbe3fb810aa33531c40ae9df6414 Mon Sep 17 00:00:00 2001
f77525
From: Kevin Backhouse <kevinbackhouse@github.com>
f77525
Date: Wed, 30 Jun 2021 16:47:50 +0100
f77525
Subject: [PATCH 2/2] Fix incorrect loop condition.
f77525
f77525
---
f77525
 src/jp2image.cpp                                      |  6 ++++--
f77525
 .../bugfixes/github/test_issue_ghsa_8949_hhfh_j7rj.py | 11 +++++------
f77525
 2 files changed, 9 insertions(+), 8 deletions(-)
f77525
f77525
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
f77525
index 2cd0a89..58ad5c6 100644
f77525
--- a/src/jp2image.cpp
f77525
+++ b/src/jp2image.cpp
f77525
@@ -619,11 +619,13 @@ namespace Exiv2
f77525
         char*         p      = (char*) boxBuf.pData_;
f77525
         bool          bWroteColor = false ;
f77525
f77525
-        while ( count < length || !bWroteColor ) {
f77525
+        while ( count < length && !bWroteColor ) {
f77525
             Jp2BoxHeader* pSubBox = (Jp2BoxHeader*) (p+count) ;
f77525
f77525
             // copy data.  pointer could be into a memory mapped file which we will decode!
f77525
-            Jp2BoxHeader   subBox = *pSubBox ;
f77525
+            // pSubBox isn't always an aligned pointer, so use memcpy to do the copy.
f77525
+            Jp2BoxHeader   subBox;
f77525
+            memcpy(&subBox, pSubBox, sizeof(Jp2BoxHeader));
f77525
             Jp2BoxHeader   newBox =  subBox;
f77525
f77525
             if ( count < length ) {