Fix CVE-2017-14860.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14860
https://nvd.nist.gov/vuln/detail/CVE-2017-14860

Copied from upstream:

https://github.com/Exiv2/exiv2/commit/ff18fec24b119579df26fd2ebb8bb012cde102ce

From ff18fec24b119579df26fd2ebb8bb012cde102ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dan.cermak@cgc-instruments.com>
Date: Fri, 6 Oct 2017 23:09:08 +0200
Subject: [PATCH] Fix for CVE-2017-14860

A heap buffer overflow could occur in memcpy when icc.size_ is larger
than data.size_ - pad, as then memcpy would read out of bounds of data.

This commit adds a sanity check to iccLength (= icc.size_): if it is
larger than data.size_ - pad (i.e. an overflow would be caused) an
exception is thrown.

This fixes #71.
---
 src/jp2image.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index 747145cf..748d39b5 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -269,10 +269,15 @@ namespace Exiv2
                             std::cout << "Exiv2::Jp2Image::readMetadata: "
                                      << "Color data found" << std::endl;
 #endif
-                            long pad = 3 ; // 3 padding bytes 2 0 0
+                            const long pad = 3 ; // 3 padding bytes 2 0 0
                             DataBuf data(subBox.length+8);
                             io_->read(data.pData_,data.size_);
-                            long    iccLength = getULong(data.pData_+pad, bigEndian);
+                            const long    iccLength = getULong(data.pData_+pad, bigEndian);
+                            // subtracting pad from data.size_ is safe:
+                            // size_ is at least 8 and pad = 3
+                            if (iccLength > data.size_ - pad) {
+                                throw Error(58);
+			    }
                             DataBuf icc(iccLength);
                             ::memcpy(icc.pData_,data.pData_+pad,icc.size_);
 #ifdef DEBUG
tr></table>
<div class='path'>path: <a href='/guix/log/?id=bdaaa6b3e454d9e91c6d9384763e8c53d5e12fe2'>root</a>/<a href='/guix/log/gnu?id=bdaaa6b3e454d9e91c6d9384763e8c53d5e12fe2'>gnu</a>/<a href='/guix/log/gnu/packages?id=bdaaa6b3e454d9e91c6d9384763e8c53d5e12fe2'>packages</a>/<a href='/guix/log/gnu/packages/patchutils.scm?id=bdaaa6b3e454d9e91c6d9384763e8c53d5e12fe2'>patchutils.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/patchutils.scm?id=bdaaa6b3e454d9e91c6d9384763e8c53d5e12fe2&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-09-22 18:42:00 +0200'>2020-09-22</span></td><td><a href='/guix/commit/gnu/packages/patchutils.scm?id=37c24c0bd04b099c7d3ef5a251a453ad12373c0e'>gnu: patchwork: Update to 2.2.2.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-09-22 18:41:52 +0200'>2020-09-22</span></td><td><a href='/guix/commit/gnu/packages/patchutils.scm?id=ac3103e8f32005e694701f57fe75ea39df8765b7'>gnu: python-django: Update to 3.1.1.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-07-12 23:08:15 +0200'>2020-07-12</span></td><td><a href='/guix/commit/gnu/packages/patchutils.scm?id=b0e7b6992f3f845e83cfbca4d700b51dba50b4d5'>gnu: Remove ".git" from "https://github/…/….git".</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-05-25 19:31:34 +0200'>2020-05-25</span></td><td><a href='/guix/commit/gnu/packages/patchutils.scm?id=18a91ab89760bed207ae22a69ec8e4a559ae3666'>gnu: colordiff: Update to 1.0.19.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2020-04-04 15:48:44 +0200'>2020-04-04</span></td><td><a href='/guix/commit/gnu/packages/patchutils.scm?id=f2d97d577d1dd527bbc707d857ccd0de81714420'>gnu: Replace uses of 'gettext' with 'gettext-minimal'.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>