Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)

The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. https://bugs.freedesktop.org/show_bug.cgi?id=106981 https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@intel.com> Signed-off-by: Hubert Figuière <hub@figuiere.net>
author: Victor Rodriguez <victor.rodriguez.bahena@intel.com> 2018-08-18 13:54:55 +0000
committer: Hubert Figuière <hub@figuiere.net> 2018-09-25 19:03:26 -0400
commit: 8ed2f034705fd2d032c81383eee8208fd4eee0ac (patch)
tree: ca3d4e1af8f769bd38626f62f2875b954a86f0b0
parent: 51e141ca1ee15709d1dd22049073ab8105a526e2 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
index ffaf220..4fe705b 100644
--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
 }
 void VP8XChunk::xmp(bool hasXMP)
 {
-    XMP_Uns32 flags = GetLE32(&this->data[0]);
-    flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
-    PutLE32(&this->data[0], flags);
+    if (&this->data[0] != NULL) {
+        XMP_Uns32 flags = GetLE32(&this->data[0]);
+        flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
+        PutLE32(&this->data[0], flags);
+    }
 }
 
 Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
author	Victor Rodriguez <victor.rodriguez.bahena@intel.com>	2018-08-18 13:54:55 +0000
committer	Hubert Figuière <hub@figuiere.net>	2018-09-25 19:03:26 -0400
commit	8ed2f034705fd2d032c81383eee8208fd4eee0ac (patch)
tree	ca3d4e1af8f769bd38626f62f2875b954a86f0b0
parent	51e141ca1ee15709d1dd22049073ab8105a526e2 (diff)