Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

&bytes[0] (std::vector) will crash if bytes has zero elements #1789

Merged
merged 3 commits into from
Jul 25, 2021
Merged

&bytes[0] (std::vector) will crash if bytes has zero elements #1789

merged 3 commits into from
Jul 25, 2021

Conversation

kevinbackhouse
Copy link
Collaborator

Fixes: https://github.com/Exiv2/exiv2/security/advisories/GHSA-g44w-q3vm-gwjq

&bytes[0] on line 500 causes an assertion failure if count == 0.

On the main branch it will probably be better to fix this by using bytes.data() like the TODO comment suggests.

I looked for variants by removing this clause from the CodeQL query. The other results look like false positives to me, but most of them should probably also be replaced by bytes.data() on main.

@kevinbackhouse kevinbackhouse added forward-to-main Forward changes in a 0.28.x PR to main with Mergify bug labels Jul 17, 2021
@kevinbackhouse kevinbackhouse added this to the v0.27.5 milestone Jul 17, 2021
@kevinbackhouse
Copy link
Collaborator Author

It turns out that the -pR option is switched off in release builds, so this just a bug, not a vulnerability. I will close GHSA-g44w-q3vm-gwjq.

I added a third commit to skip this unittest for now, since it fails in release builds. We have done the same thing in other tests that use -pR.

@kevinbackhouse kevinbackhouse merged commit fe065a4 into Exiv2:0.27-maintenance Jul 25, 2021
@mergify mergify bot mentioned this pull request Jul 25, 2021
Merged
kevinbackhouse added a commit that referenced this pull request Jul 25, 2021
@kevinbackhouse
Merge pull request #1798 from Exiv2/mergify/bp/main/pr-1789
01b109e 
&bytes[0] (std::vector) will crash if bytes has zero elements (backport #1789)
@clanmills clanmills mentioned this pull request Aug 9, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hassec hassec hassec approved these changes

Assignees
No one assigned
Labels
bug forward-to-main Forward changes in a 0.28.x PR to main with Mergify
Projects
None yet
Milestone
v0.27.5
Development

Successfully merging this pull request may close these issues.
2 participants
@kevinbackhouse @hassec