From fff613f338a2e1d52fd4215aac4d9656428564e4 Mon Sep 17 00:00:00 2001
From: zhanzhimin
Date: Thu, 17 Sep 2020 16:53:44 +0800
Subject: [PATCH] add CVE-2018-9145.patch
---
 CVE-2018-9145.patch | 27 +++++++++++++++++++++++++++
 exiv2.spec | 9 ++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2018-9145.patch
diff --git a/CVE-2018-9145.patch b/CVE-2018-9145.patch
new file mode 100644
index 0000000..4015de8
--- /dev/null
+++ b/CVE-2018-9145.patch
@@ -0,0 +1,27 @@
+From c03f73268f65c73f9d3d7b670f13e48e92692750 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?=
+Date: Fri, 18 Sep 2020 14:40:36 +0800
+Subject: [PATCH] Prevent SIGABRT on excessive subBox length in jp2image.cpp
+
+This fixes CVE-2018-9145
+---
+ src/jp2image.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/jp2image.cpp b/src/jp2image.cpp
+index 3cebc2a..6a662fa 100644
+--- a/src/jp2image.cpp
++++ b/src/jp2image.cpp
+@@ -505,6 +505,10 @@ namespace Exiv2
+ subBox.length = getLong((byte*)&subBox.length, bigEndian);
+ subBox.type = getLong((byte*)&subBox.type, bigEndian);
+
++ // subBox.length makes no sense if it is larger than the rest of the file
++ if (subBox.length > io_->size() - io_->tell()) {
++ throw Error(kerCorruptedMetadata);
++ }
+ DataBuf data(subBox.length-sizeof(box));
+ io_->read(data.pData_,data.size_);
+ if ( bPrint ) {
+--
+2.27.0
\ No newline at end of file
diff --git a/exiv2.spec b/exiv2.spec
index 783a7f4..c180c1b 100644
--- a/exiv2.spec
+++ b/exiv2.spec
@@ -1,6 +1,6 @@
 Name: exiv2
 Version: 0.26
-Release: 21
+Release: 22
 Summary: Exif, IPTC and XMP metadata and the ICC Profile
 License: GPLv2+
 URL: http://www.exiv2.org/
@@ -57,6 +57,7 @@ Patch6024: CVE-2018-11037.patch Patch6025: backport-Fix-ICC-profile-in-PNG-images.patch Patch6026: backport-CVE-2019-13109.patch Patch6027: exiv2-CVE-2019-13111.patch +Patch6028: CVE-2018-9145.patch Provides: exiv2-libs Obsoletes: exiv2-libs 
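Review bot: The added guard in the jp2image.cpp hunk bounds subBox.length only from above, so a length smaller than sizeof(box) still reaches `DataBuf data(subBox.length-sizeof(box));`, where the subtraction is unsigned (sizeof yields size_t) and wraps to a very large size. I would reject that case in the same condition: `if (subBox.length < sizeof(box) || subBox.length > io_->size() - io_->tell()) {`. The result of `io_->read(data.pData_,data.size_)` is also not compared with data.size_ in the lines shown, so a short read would go unnoticed unless it is checked further down. The enclosing function starts and ends outside this hunk.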
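Review bot: `Patch6028: CVE-2018-9145.patch` only declares the patch; whether it is applied depends on the %prep section, which is outside these hunks. If %prep uses explicit `%patch` lines rather than `%autosetup` or `%autopatch`, a matching `%patch6028 -p1` line is needed, otherwise release 22 would be built without the fix.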
@@ -120,6 +121,12 @@ test -x %{buildroot}%{_libdir}/libexiv2.so %{_datadir}/doc/html/ %changelog +* Thu Sep 17 2020 zhanzhimin - 0.26-22 +- Type:cves +- ID:CVE-2018-9145 +- SUG:NA +- DESC:fix CVE-2018-9145 + * Tue Sep 8 2020 hanhui - 0.26.21 - Type:bugfix - ID:NA -- Gitee