- Email: email@example.com
- Registered on: 10 Mar 2013
- Last connection: 21 Mar 2013
14 Mar 2013
- 15:06 Exiv2 Bug #890: ASF: heap overflow
- If Abhinav or others familiar with the project can find the time to fix these bugs, then I think it's a much better i...
- 14:46 Exiv2 Bug #893 (Assigned): EPS: crash on invalid input
- epsimage.cpp:329/335 don't detect overflow of pos+size (and don't error out in the read case anyway). You can crash 3...
13 Mar 2013
- 16:16 Exiv2 Bug #890: ASF: heap overflow
- You need to also check for dataLength being too low in your new checks on quicktimevideo.cpp:1082/1100/1119/1138, bec...
- 15:35 Exiv2 Bug #890: ASF: heap overflow
- That certainly fixes my testcase. I'll check the other cases, thanks for the quick response.
12 Mar 2013
- 13:32 Exiv2 Bug #891 (New): MRW: potential infinite loop on invalid input
- In 32-bit builds, the seek on mrwimage.cpp:135 can be backwards if the input file has a large enough value for siz, a...
11 Mar 2013
- 07:49 Exiv2 Bug #890 (Closed): ASF: heap overflow
- asfvideo.cpp:624 reads dataLength amount of data into a buffer of size 500, causing a heap overflow if dataLength>500...
- 07:38 Exiv2 Bug #889 (Closed): CRW: crashes when passed invalid data
- crwimage.cpp is missing some sanity checks, leading to crashes when trying to load malformed CRW files.
- 02:38 Exiv2 Bug #888: (near-)infinite loop in video decoders
- Sorry, if you don't care about bugs caused by invalid data, these bugs are irrelevant. That's why I said "I don't kno...
10 Mar 2013
- 16:02 Exiv2 Bug #888 (Closed): (near-)infinite loop in video decoders
- If I hand RiffVideo::nikonTagsHandler() data with a size value <4, then it subtracts 4 from it (riffvideo.cpp:745 at ...
Also available in: Atom