-
Notifications
You must be signed in to change notification settings - Fork 278
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1787 from Exiv2/mergify/bp/main/pr-1766
Extra checking to prevent loop counter from wrapping around (backport #1766)
- Loading branch information
Showing
13 changed files
with
87 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# -*- coding: utf-8 -*- | ||
|
||
from system_tests import CaseMeta, FileDecoratorBase, path | ||
from struct import * | ||
|
||
# The PoC is a fairly large file, mostly consisting of zero bytes, | ||
# so it would be a waste of storage to check it into the repo. | ||
# Instead, we can generate the PoC with a small amount of code: | ||
class CreatePoC(FileDecoratorBase): | ||
""" | ||
This class copies files from test/data to test/tmp | ||
Copied files are NOT removed in tearDown | ||
Example: @CopyTmpFiles("$data_path/test_issue_1180.exv") | ||
""" | ||
|
||
#: override the name of the file list | ||
FILE_LIST_NAME = '_tmp_files' | ||
|
||
def setUp_file_action(self, expanded_file_name): | ||
size = 0x20040 | ||
contents = pack('<2sI8sHHIIHHII', bytes(b'II'), 14, bytes(b'HEAPCCDR'), \ | ||
1, 0x300b, size - 26, 12, 1, 0x102a, size - 38, 12) + \ | ||
bytes(bytearray(size-38)) | ||
f = open(expanded_file_name, 'wb') | ||
f.write(contents) | ||
f.close() | ||
|
||
def tearDown_file_action(self, f): | ||
""" | ||
Do nothing. We don't clean up TmpFiles | ||
""" | ||
|
||
# This decorator generates the PoC file. | ||
@CreatePoC("$tmp_path/issue_ghsa_hqjh_hpv8_8r9p_poc.crw") | ||
|
||
class CrwMapDecodeArrayInfiniteLoop(metaclass=CaseMeta): | ||
""" | ||
Regression test for the bug described in: | ||
https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p | ||
""" | ||
url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p" | ||
|
||
filename = path("$tmp_path/issue_ghsa_hqjh_hpv8_8r9p_poc.crw") | ||
|
||
commands = ["$exiv2 $filename"] | ||
stdout = [""] | ||
stderr = [ | ||
"""Exiv2 exception in print action for file $filename: | ||
$kerCorruptedMetadata | ||
"""] | ||
retval = [1] |