From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jayant Chowdhary <jchowdhary@google.com>
Date: Mon, 30 Aug 2021 22:12:01 +0000
Subject: [PATCH] Ensure MakeNote data pointers are initialized with NULL.

This is a cherry-pick of
https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f

Bug: 196085005

Test:  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases
      --test android.security.sts.CVE_2020_13113#testPocBug_196085005

Change-Id: Iaed1a1161e4c026bee24337a0ef5f34d2efdb3cf
Merged-In: Id106e79e829329145d27a93273241b58878bfac3
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
(cherry picked from commit 4ceb535b530fd8d0504c9df65c99045a71e12232)
Merged-In:Iaed1a1161e4c026bee24337a0ef5f34d2efdb3cf
---
 libexif/canon/exif-mnote-data-canon.c     | 2 ++
 libexif/fuji/exif-mnote-data-fuji.c       | 2 ++
 libexif/olympus/exif-mnote-data-olympus.c | 2 ++
 libexif/pentax/exif-mnote-data-pentax.c   | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c
index 4396c53..6d97930 100644
--- a/libexif/canon/exif-mnote-data-canon.c
+++ b/libexif/canon/exif-mnote-data-canon.c
@@ -236,6 +236,8 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
 	tcount = 0;
 	for (i = c, o = datao; i; --i, o += 12) {
 		size_t s;
+
+		memset(&n->entries[tcount], 0, sizeof(MnoteCanonEntry));
 		if (CHECKOVERFLOW(o,buf_size,12)) {
 			exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
 				"ExifMnoteCanon", "Short MakerNote");
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
index 11ff8c3..3f3091b 100644
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -196,6 +196,8 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
 	tcount = 0;
 	for (i = c, o = datao; i; --i, o += 12) {
 		size_t s;
+
+		memset(&n->entries[tcount], 0, sizeof(MnoteFujiEntry));
 		if (CHECKOVERFLOW(o, buf_size, 12)) {
 			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
 				  "ExifMnoteDataFuji", "Short MakerNote");
diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
index e7bf984..493463b 100644
--- a/libexif/olympus/exif-mnote-data-olympus.c
+++ b/libexif/olympus/exif-mnote-data-olympus.c
@@ -437,6 +437,8 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
 	tcount = 0;
 	for (i = c, o = o2; i; --i, o += 12) {
 		size_t s;
+
+		memset(&n->entries[tcount], 0, sizeof(MnoteOlympusEntry));
 		if (CHECKOVERFLOW(o, buf_size, 12)) {
 			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
 				  "ExifMnoteOlympus", "Short MakerNote");
diff --git a/libexif/pentax/exif-mnote-data-pentax.c b/libexif/pentax/exif-mnote-data-pentax.c
index f9eb69c..b4722d6 100644
--- a/libexif/pentax/exif-mnote-data-pentax.c
+++ b/libexif/pentax/exif-mnote-data-pentax.c
@@ -279,6 +279,8 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
 	tcount = 0;
 	for (i = c, o = datao; i; --i, o += 12) {
 		size_t s;
+
+		memset(&n->entries[tcount], 0, sizeof(MnotePentaxEntry));
 		if (CHECKOVERFLOW(o,buf_size,12)) {
 			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
 				  "ExifMnoteDataPentax", "Short MakerNote");