From 9b8cfbda1af9ee67dc046e5170b5ce27d295f4e3 Mon Sep 17 00:00:00 2001
From: Packit Bot <centos-stream-packit@redhat.com>
Date: May 04 2021 22:18:01 +0000
Subject: Apply patch exiv2-CVE-2021-29457.patch


patch_name: exiv2-CVE-2021-29457.patch
present_in_specfile: true
location_in_specfile: 3

---

diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 26bf5ad..0961203 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m)
 #endif
                 box.length = (uint32_t) (io_->size() - io_->tell() + 8);
             }
-            if (box.length == 1)
+            if (box.length < 8)
             {
-                // FIXME. Special case. the real box size is given in another place.
+                // box is broken, so there is nothing we can do here
+                throw Error(kerCorruptedMetadata);
             }
 
             // Read whole box : Box header + Box data (not fixed size - can be null).