From b751b36c3a3c2be9456e94bc0a72e1efb28b4ad8 Mon Sep 17 00:00:00 2001
From: yangcheng1203
Date: Mon, 26 Jul 2021 17:17:06 +0800
Subject: [PATCH] fix CVE-2020-13113 (cherry picked from commit 051d4a27fd2d8d1f0b401836d8ba7cb7ef128197)
---
 CVE-2020-13113.patch | 63 ++++++++++++++++++++++++++++++++++++++++++++
 libexif.spec | 9 ++++++-
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-13113.patch
diff --git a/CVE-2020-13113.patch b/CVE-2020-13113.patch
new file mode 100644
index 0000000..bc1fd4e
--- /dev/null
+++ b/CVE-2020-13113.patch
@@ -0,0 +1,63 @@
+From a4cbc451f204b8e69d1ac843f8042dea10251397 Mon Sep 17 00:00:00 2001
+From: yangcheng1203
+Date: Mon, 26 Jul 2021 17:00:47 +0800
+Subject: [PATCH] CVE-2020-13113
+
+---
+ libexif/canon/exif-mnote-data-canon.c | 1 +
+ libexif/fuji/exif-mnote-data-fuji.c | 1 +
+ libexif/olympus/exif-mnote-data-olympus.c | 1 +
+ libexif/pentax/exif-mnote-data-pentax.c | 1 +
+ 4 files changed, 4 insertions(+)
+
+diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c
+index eb53598..83854ad 100644
+--- a/libexif/canon/exif-mnote-data-canon.c
++++ b/libexif/canon/exif-mnote-data-canon.c
+@@ -233,6 +233,7 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
+ tcount = 0;
+ for (i = c, o = datao; i; --i, o += 12) {
+ size_t s;
++ memset(&n->entries[tcount], 0, sizeof(MnoteCanonEntry));
+ if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon", "Short MakerNote");
+diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c
+index 9514654..efcf654 100644
+--- a/libexif/fuji/exif-mnote-data-fuji.c
++++ b/libexif/fuji/exif-mnote-data-fuji.c
+@@ -195,6 +195,7 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
+ tcount = 0;
+ for (i = c, o = datao; i; --i, o += 12) {
+ size_t s;
++ memset(&n->entries[tcount], 0, sizeof(MnoteFujiEntry));
+ if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteDataFuji", "Short MakerNote");
+diff --git a/libexif/olympus/exif-mnote-data-olympus.c b/libexif/olympus/exif-mnote-data-olympus.c
+index 099671d..9bf0855 100644
+--- a/libexif/olympus/exif-mnote-data-olympus.c
++++ b/libexif/olympus/exif-mnote-data-olympus.c
+@@ -430,6 +430,7 @@ exif_mnote_data_olympus_load (ExifMnoteData *en,
+ tcount = 0;
+ for (i = c, o = o2; i; --i, o += 12) {
+ size_t s;
++ memset(&n->entries[tcount], 0, sizeof(MnoteOlympusEntry));
+ if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteOlympus", "Short MakerNote");
+diff --git a/libexif/pentax/exif-mnote-data-pentax.c b/libexif/pentax/exif-mnote-data-pentax.c
+index 757bb72..1de77b8 100644
+--- a/libexif/pentax/exif-mnote-data-pentax.c
++++ b/libexif/pentax/exif-mnote-data-pentax.c
+@@ -277,6 +277,7 @@ exif_mnote_data_pentax_load (ExifMnoteData *en,
+ tcount = 0;
+ for (i = c, o = datao; i; --i, o += 12) {
+ size_t s;
++ memset(&n->entries[tcount], 0, sizeof(MnotePentaxEntry));
+ if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteDataPentax", "Short MakerNote");
+--
+1.8.3.1
+
diff --git a/libexif.spec b/libexif.spec
index ec8f1e4..d0d849b 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -1,7 +1,7 @@
 Name: libexif
 Summary: Library for extracting extra information from image files
 Version: 0.6.21
-Release: 21
+Release: 22
 License: LGPLv2+
 URL: https://libexif.github.io/
 Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
@@ -14,6 +14,7 @@ Patch6004: libexif-bugfix-integer-overflow.patch
 Patch6005: libexif-bugfix-unsigned-int.patch
 Patch6006: libexif-bugfix-overflow.patch
 Patch6007: libexif-bugfix-large-loop-in-exif_loader_get_data.patch
+Patch6008: CVE-2020-13113.patch
 Patch9001: libexif-bugfix-integer-overflow-pentax.patch
 BuildRequires: autoconf automake doxygen gettext-devel libtool pkgconfig git
@@ -72,6 +73,12 @@ make check
 %doc libexif-api.html NEWS
 %changelog
+* Mon Jul 26 202 yangcheng - 0.6.21-22
+- Type:CVE
+- Id:CVE-2020-13113
+- SUG:NA
+- DESC:fix CVE-2020-13113
+
 * Sat Aug 8 2020 yanan - 0.6.21-21
 - Type:bugfix
 - Id:NA
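Review bot: The added `memset` calls carry no comment, and the embedded patch header gives no upstream reference, so the reason each loader now clears `n->entries[tcount]` at the top of every iteration, ahead of the `o + 12 > buf_size` check, cannot be recovered from the patch itself. The same one-line change is made in the canon, fuji, olympus and pentax loaders; presumably it keeps a slot that is skipped or has no data from exposing an uninitialized `data` pointer later, but the code that fills and frees the entry is outside these hunks, so that should be confirmed against the loader bodies. I would put `/* Start from a zeroed slot so a skipped or empty entry never leaves a stale pointer behind (CVE-2020-13113). */` above each call, and write the size as `sizeof(n->entries[tcount])` so it cannot drift from the array's element type. The patch header should also name the upstream libexif commit it was derived from, for example `Origin: <upstream commit id>`, so the backport can be compared with the original fix.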
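Review bot: The new `%changelog` header in the last hunk reads `* Mon Jul 26 202 yangcheng - 0.6.21-22`, with a three-digit year, whereas the entry below it uses `2020` and the commit itself is dated 26 Jul 2021. If the file really contains `202` and this is not an artifact of how the page was captured, rpmbuild is likely to reject the date or report that the changelog is not in descending order, which would block the build of the release that carries the CVE fix. The line should read `* Mon Jul 26 2021 yangcheng - 0.6.21-22`.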