summaryrefslogtreecommitdiffstats
path: root/source/l/exiv2/patches/16c1cd7d.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/exiv2/patches/16c1cd7d.patch')
-rw-r--r--source/l/exiv2/patches/16c1cd7d.patch98
1 files changed, 98 insertions, 0 deletions
diff --git a/source/l/exiv2/patches/16c1cd7d.patch b/source/l/exiv2/patches/16c1cd7d.patch
new file mode 100644
index 000000000..fc8dc9b28
--- /dev/null
+++ b/source/l/exiv2/patches/16c1cd7d.patch
@@ -0,0 +1,98 @@
+From 16c1cd7da0cd159ee2d53c39088564edaf046c77 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Milo=C5=A1=20Komar=C4=8Devi=C4=87?=
+ <miloskomarcevic@aim.com>
+Date: Fri, 16 Jun 2023 17:05:39 +0200
+Subject: [PATCH] Fix regression parsing PNG text chunks with zero length
+ payload
+
+---
+ src/pngchunk_int.cpp | 37 ++++++++++++++++++-------------------
+ 1 file changed, 18 insertions(+), 19 deletions(-)
+
+diff --git a/src/pngchunk_int.cpp b/src/pngchunk_int.cpp
+index 697a30c63c..81fbcd942d 100644
+--- a/src/pngchunk_int.cpp
++++ b/src/pngchunk_int.cpp
+@@ -100,20 +100,24 @@ DataBuf PngChunk::parseTXTChunk(const DataBuf& data, size_t keysize, TxtChunkTyp
+ }
+
+ // compressed string after the compression technique spec
+- const byte* compressedText = data.c_data(keysize + nullSeparators);
+ size_t compressedTextSize = data.size() - keysize - nullSeparators;
+- enforce(compressedTextSize < data.size(), ErrorCode::kerCorruptedMetadata);
++ if (compressedTextSize) {
++ const byte* compressedText = data.c_data(keysize + nullSeparators);
++ enforce(compressedTextSize < data.size(), ErrorCode::kerCorruptedMetadata);
+
+- zlibUncompress(compressedText, static_cast<uint32_t>(compressedTextSize), arr);
++ zlibUncompress(compressedText, static_cast<uint32_t>(compressedTextSize), arr);
++ }
+ } else if (type == tEXt_Chunk) {
+ enforce(data.size() >= Safe::add(keysize, static_cast<size_t>(1)), ErrorCode::kerCorruptedMetadata);
+ // Extract a non-compressed Latin-1 text chunk
+
+ // the text comes after the key, but isn't null terminated
+- const byte* text = data.c_data(keysize + 1);
+ size_t textsize = data.size() - keysize - 1;
++ if (textsize) {
++ const byte* text = data.c_data(keysize + 1);
+
+- arr = DataBuf(text, textsize);
++ arr = DataBuf(text, textsize);
++ }
+ } else if (type == iTXt_Chunk) {
+ enforce(data.size() > Safe::add(keysize, static_cast<size_t>(3)), ErrorCode::kerCorruptedMetadata);
+ const size_t nullCount = std::count(data.c_data(keysize + 3), data.c_data(data.size() - 1), '\0');
+@@ -127,7 +131,8 @@ DataBuf PngChunk::parseTXTChunk(const DataBuf& data, size_t keysize, TxtChunkTyp
+ const byte compressionMethod = data.read_uint8(keysize + 2);
+
+ enforce(compressionFlag == 0x00 || compressionFlag == 0x01, ErrorCode::kerCorruptedMetadata);
+- enforce(compressionMethod == 0x00, ErrorCode::kerCorruptedMetadata);
++ if (compressionFlag == 0x01)
++ enforce(compressionMethod == 0x00, ErrorCode::kerFailedToReadImageData);
+
+ // language description string after the compression technique spec
+ const size_t languageTextMaxSize = data.size() - keysize - 3;
+@@ -141,14 +146,14 @@ DataBuf PngChunk::parseTXTChunk(const DataBuf& data, size_t keysize, TxtChunkTyp
+ data.size() - (keysize + 3 + languageTextSize + 1));
+ const size_t translatedKeyTextSize = translatedKeyText.size();
+
+- if ((compressionFlag == 0x00) || (compressionFlag == 0x01 && compressionMethod == 0x00)) {
+- enforce(Safe::add(keysize + 3 + languageTextSize + 1, Safe::add(translatedKeyTextSize, static_cast<size_t>(1))) <=
+- data.size(),
+- ErrorCode::kerCorruptedMetadata);
++ enforce(Safe::add(keysize + 3 + languageTextSize + 1, Safe::add(translatedKeyTextSize, static_cast<size_t>(1))) <=
++ data.size(),
++ ErrorCode::kerCorruptedMetadata);
+
++ const auto textsize =
++ static_cast<long>(data.size() - (keysize + 3 + languageTextSize + 1 + translatedKeyTextSize + 1));
++ if (textsize) {
+ const byte* text = data.c_data(keysize + 3 + languageTextSize + 1 + translatedKeyTextSize + 1);
+- const auto textsize =
+- static_cast<long>(data.size() - (keysize + 3 + languageTextSize + 1 + translatedKeyTextSize + 1));
+
+ if (compressionFlag == 0x00) {
+ // then it's an uncompressed iTXt chunk
+@@ -156,7 +161,7 @@ DataBuf PngChunk::parseTXTChunk(const DataBuf& data, size_t keysize, TxtChunkTyp
+ std::cout << "Exiv2::PngChunk::parseTXTChunk: We found an uncompressed iTXt field\n";
+ #endif
+ arr = DataBuf(text, textsize);
+- } else if (compressionFlag == 0x01 && compressionMethod == 0x00) {
++ } else {
+ // then it's a zlib compressed iTXt chunk
+ #ifdef EXIV2_DEBUG_MESSAGES
+ std::cout << "Exiv2::PngChunk::parseTXTChunk: We found a zlib compressed iTXt field\n";
+@@ -165,12 +170,6 @@ DataBuf PngChunk::parseTXTChunk(const DataBuf& data, size_t keysize, TxtChunkTyp
+ // the compressed text comes after the translated keyword, but isn't null terminated
+ zlibUncompress(text, textsize, arr);
+ }
+- } else {
+- // then it isn't zlib compressed and we are sunk
+-#ifdef EXIV2_DEBUG_MESSAGES
+- std::cerr << "Exiv2::PngChunk::parseTXTChunk: Non-standard iTXt compression method.\n";
+-#endif
+- throw Error(ErrorCode::kerFailedToReadImageData);
+ }
+ } else {
+ #ifdef DEBUG