| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
- index 29311fd..c0d9553 100644
- --- a/src/crwimage_int.cpp
- +++ b/src/crwimage_int.cpp
- @@ -268,6 +268,9 @@ namespace Exiv2 {
- #ifdef EXIV2_DEBUG_MESSAGES
- std::cout << "Reading directory 0x" << std::hex << tag() << "\n";
- #endif
- + if (this->offset() + this->size() > size)
- + throw Error(kerOffsetOutOfRange);
- +
- readDirectory(pData + offset(), this->size(), byteOrder);
- #ifdef EXIV2_DEBUG_MESSAGES
- std::cout << "<---- 0x" << std::hex << tag() << "\n";
- diff --git a/test/data/POC-file_issue_1019 b/test/data/POC-file_issue_1019
- new file mode 100755
- index 0000000..e69de29
- diff --git a/tests/bugfixes/github/test_issue_1019.py b/tests/bugfixes/github/test_issue_1019.py
- new file mode 100644
- index 0000000..c2682f9
- --- /dev/null
- +++ b/tests/bugfixes/github/test_issue_1019.py
- @@ -0,0 +1,14 @@
- +from system_tests import CaseMeta, path
- +
- +
- +class OverreadInCiffDirectoryReadDirectory(metaclass=CaseMeta):
- +
- + filename = path("$data_path/POC-file_issue_1019")
- + commands = ["$exiv2 -pv $filename"]
- + stdout = [""]
- + stderr = [
- + """$exiv2_exception_message $filename:
- +$kerOffsetOutOfRange
- +"""
- + ]
- + retval = [1]
- diff --git a/tests/suite.conf b/tests/suite.conf
- index 5b31930..dab7427 100644
- --- a/tests/suite.conf
- +++ b/tests/suite.conf
- @@ -19,6 +19,7 @@ largeiptc_test: ${ENV:exiv2_path}/largeiptc-test${ENV:binary_extension}
- easyaccess_test: ${ENV:exiv2_path}/easyaccess-test${ENV:binary_extension}
-
- [variables]
- +kerOffsetOutOfRange: Offset out of range
- kerFailedToReadImageData: Failed to read image data
- kerCorruptedMetadata: corrupted image metadata
- kerInvalidMalloc: invalid memory allocation request
|
