Skip to content

enforce minimum FileTypeBox length in Jp2Image::printStructure#9318

Merged
kevinbackhouse merged 1 commit into
Exiv2:mainfrom
netliomax25-code:jp2-printstructure-filetype-underflow
Jun 21, 2026
Merged

enforce minimum FileTypeBox length in Jp2Image::printStructure#9318
kevinbackhouse merged 1 commit into
Exiv2:mainfrom
netliomax25-code:jp2-printstructure-filetype-underflow

Conversation

@netliomax25-code

@netliomax25-code netliomax25-code commented May 29, 2026

Copy link
Copy Markdown
Contributor

exiv2 -pS on a JP2 whose FileTypeBox sets its length below the 8-byte box header:

   12 |        2 | ftyp      | Uncaught exception: vector

box.length - boxHSize underflows, so Blob is sized to near SIZE_MAX and std::vector throws std::length_error rather than an Exiv2::Error. The sibling sub-box and uuid cases already guard length; this adds the same check before the FileTypeBox allocation.

@mergify

mergify Bot commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@kevinbackhouse

kevinbackhouse commented Jun 21, 2026

Copy link
Copy Markdown
Collaborator

@mergify backport 0.28.x 0.29.x

@mergify

mergify Bot commented Jun 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

backport 0.28.x 0.29.x

✅ Backports have been created

Details

Cherry-pick of 9d31d6d has failed:

On branch mergify/bp/0.28.x/pr-9318
Your branch is up to date with 'origin/0.28.x'.

You are currently cherry-picking commit 9d31d6d4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   src/jp2image.cpp

no changes added to commit (use "git add" and/or "git commit -a")

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@kevinbackhouse kevinbackhouse merged commit 4815bce into Exiv2:main Jun 21, 2026
74 of 78 checks passed
This was referenced Jun 21, 2026
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevinbackhouse kevinbackhouse kevinbackhouse approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@netliomax25-code @kevinbackhouse