DivestOS/Patches/LineageOS-14.1/android_external_libexif/323460.patch

78 lines
3.1 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jayant Chowdhary <jchowdhary@google.com>
Date: Mon, 30 Aug 2021 22:12:01 +0000
Subject: [PATCH] Ensure MakeNote data pointers are initialized with NULL.
This is a cherry-pick of
https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f
Bug: 196085005
Test: sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases
--test android.security.sts.CVE_2020_13113#testPocBug_196085005
Change-Id: Iaed1a1161e4c026bee24337a0ef5f34d2efdb3cf
Merged-In: Id106e79e829329145d27a93273241b58878bfac3
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
(cherry picked from commit 4ceb535b530fd8d0504c9df65c99045a71e12232)
Merged-In:Iaed1a1161e4c026bee24337a0ef5f34d2efdb3cf
---
libexif/canon/exif-mnote-data-canon.c | 2 ++
libexif/fuji/exif-mnote-data-fuji.c | 2 ++
libexif/olympus/exif-mnote-data-olympus.c | 2 ++
libexif/pentax/exif-mnote-data-pentax.c | 2 ++
4 files changed, 8 insertions(+)
diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c
index 4396c53..6d97930 100644
--- a/libexif/canon/exif-mnote-data-canon.c
+++ b/libexif/canon/exif-mnote-data-canon.c
@@ -236,6 +236,8 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
+
+ memset(&n->entries[tcount], 0, sizeof(MnoteCanonEntry));
if (CHECKOVERFLOW(o,buf_size,12)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index 11ff8c3..3f3091b 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -196,6 +196,8 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
+
+ memset(&n->entries[tcount], 0, sizeof(MnoteFujiEntry));
if (CHECKOVERFLOW(o, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index e7bf984..493463b 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -437,6 +437,8 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = o2; i; --i, o += 12) {
size_t s;
+
+ memset(&n->entries[tcount], 0, sizeof(MnoteOlympusEntry));
if (CHECKOVERFLOW(o, buf_size, 12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteOlympus", "Short MakerNote");
diff --git a/libexif/pentax/exif-mnote-data-pentax.c b/libexif/pentax/exif-mnote-data-pentax.c
index f9eb69c..b4722d6 100644
--- a/libexif/pentax/exif-mnote-data-pentax.c
+++ b/libexif/pentax/exif-mnote-data-pentax.c
@@ -279,6 +279,8 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
+
+ memset(&n->entries[tcount], 0, sizeof(MnotePentaxEntry));
if (CHECKOVERFLOW(o,buf_size,12)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");