Commit 8ed2f034 authored by Victor Rodriguez's avatar Victor Rodriguez Committed by Hubert Figuiere
Browse files

Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)

The WEBP::GetLE32 function in
XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
NULL pointer dereference.

https://bugs.freedesktop.org/show_bug.cgi?id=106981
#9

Signed-off-by: default avatarVictor Rodriguez <victor.rodriguez.bahena@intel.com>
Signed-off-by: Hubert Figuiere's avatarHubert Figuière <hub@figuiere.net>
parent 51e141ca
......@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
}
void VP8XChunk::xmp(bool hasXMP)
{
XMP_Uns32 flags = GetLE32(&this->data[0]);
flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
PutLE32(&this->data[0], flags);
if (&this->data[0] != NULL) {
XMP_Uns32 flags = GetLE32(&this->data[0]);
flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
PutLE32(&this->data[0], flags);
}
}
Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment