Merge pull request #2191 from Exiv2/main_fix2190

piponazo · web-flow · commit 3f496bd26433 · 2022-04-04T11:33:42.000+02:00
Detect integer-overflow and throw in that case
diff --git a/src/exif.cpp b/src/exif.cpp
@@ -14,6 +14,7 @@
 #include "config.h"
 #include "error.hpp"
 #include "metadatum.hpp"
+#include "safe_op.hpp"
 #include "tags.hpp"
 #include "tags_int.hpp"
 #include "tiffcomposite_int.hpp"  // for Tag::root
@@ -741,7 +742,7 @@ Exiv2::DataBuf JpegThumbnail::copy(const Exiv2::ExifData& exifData) const {
 int64_t sumToLong(const Exiv2::Exifdatum& md) {
   int64_t sum = 0;
   for (size_t i = 0; i < md.count(); ++i) {
-    sum += md.toInt64(i);
+    sum = Safe::add(sum, md.toInt64(i));
   }
   return sum;
 }
diff --git a/test/data/issue_2190_poc.jp2 b/test/data/issue_2190_poc.jp2
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
@@ -54,6 +54,7 @@ def get_valid_files(data_dir):
         "issue_ghsa_8949_hhfh_j7rj_poc.exv",
         "exiv2-bug495.jpg",
         "issue_1920_poc.tiff",
+        "issue_2190_poc.jp2",
         # non-zero return code files, most of them are security POC so we don't
         # really need to worry about them here
         "2018-01-09-exiv2-crash-001.tiff",
