Resize buffer to avoid overflow in QuickTimeVideo::userDataDecoder #2367

Merged
merged 4 commits into from
Sep 29, 2022

kevinbackhouse
Collaborator

Fixes: #2366

kevinbackhouse added the bug and OSS-Fuzz (Bug reported by https://google.github.io/oss-fuzz/) labels Sep 25, 2022

codecov bot commented Sep 25, 2022

Codecov Report

Merging #2367 (de6329d) into main (640b0fb) will increase coverage by 0.01%.
The diff coverage is 87.50%.

@@            Coverage Diff             @@
##             main    #2367      +/-   ##
==========================================
+ Coverage   63.51%   63.53%   +0.01%     
==========================================
  Files         119      119              
  Lines       20634    20602      -32     
  Branches    10245    10212      -33     
==========================================
- Hits        13106    13089      -17     
+ Misses       5399     5385      -14     
+ Partials     2129     2128       -1     
Impacted Files Coverage Δ
src/quicktimevideo.cpp 58.15% <87.50%> (+1.18%) ⬆️
src/tiffimage_int.cpp 79.58% <0.00%> (-0.25%) ⬇️

kevinbackhouse marked this pull request as draft September 25, 2022 22:00
kevinbackhouse marked this pull request as ready for review September 25, 2022 23:13
neheb merged commit b3bd36c into Exiv2:main Sep 29, 2022

risicle commented Nov 2, 2022

I may be incorrect but isn't a similar unbounded copy into buf performed just a few lines before @

io_->readOrThrow(buf.data(), size - 8);
?

Or is there some assertion somewhere else that limits the value of size in those cases?


risicle commented Nov 2, 2022

Ah - I see that's covered by one of the other CVEs.
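
The question above turns on whether anything bounds `size` before `size - 8` bytes are read into `buf`. The sketch below is an added example, not code from this PR or from Exiv2: it validates a file-supplied size and grows the buffer before the copy, in the spirit of the PR title. `MemReader`, `readBoxPayload`, `bufLenAfterRead` and the sample data are hypothetical names and constructed input.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <vector>

// Hypothetical in-memory stand-in for the file reader (not Exiv2's BasicIo).
struct MemReader {
  const std::vector<uint8_t>& src;
  size_t pos = 0;
  explicit MemReader(const std::vector<uint8_t>& s) : src(s) {}
  size_t remaining() const { return src.size() - pos; }
  void readOrThrow(uint8_t* dst, size_t n) {
    if (n > remaining()) throw std::runtime_error("short read");
    if (n != 0) std::memcpy(dst, src.data() + pos, n);
    pos += n;
  }
};

// `size` is the box length declared in the file (8-byte header included), so it
// is untrusted. Returns the payload length; throws if the size is malformed.
size_t readBoxPayload(MemReader& io, std::vector<uint8_t>& buf, uint64_t size) {
  if (size < 8) throw std::runtime_error("size below header length");  // size - 8 would wrap
  const uint64_t payload = size - 8;
  if (payload > io.remaining()) throw std::runtime_error("size exceeds remaining data");
  if (payload > buf.size()) buf.resize(static_cast<size_t>(payload));  // grow before copying
  io.readOrThrow(buf.data(), static_cast<size_t>(payload));
  return static_cast<size_t>(payload);
}

// Constructed sample input: 12 payload bytes left in the stream.
static const std::vector<uint8_t> kSample(12, 0x41);

// Returns the buffer length after the read, or -1 if the declared size was rejected.
long bufLenAfterRead(uint64_t size, size_t initialLen) {
  MemReader io(kSample);
  std::vector<uint8_t> buf(initialLen);
  try { readBoxPayload(io, buf, size); } catch (const std::runtime_error&) { return -1; }
  return static_cast<long>(buf.size());
}

int main() {
  std::printf("size=20, buf=4  -> %ld\n", bufLenAfterRead(20, 4));   // buffer grown to fit
  std::printf("size=4,  buf=16 -> %ld\n", bufLenAfterRead(4, 16));   // rejected: would wrap
  std::printf("size=64, buf=16 -> %ld\n", bufLenAfterRead(64, 16));  // rejected: past end of data
  return 0;
}
```

Checking the declared size against the bytes actually left in the stream before resizing also keeps a hostile size field from forcing a very large allocation.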
