projects
/
geeqie.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6e739c9
)
Fix a overrun
author
Klaus Ethgen
<Klaus@Ethgen.de>
Sat, 18 Jul 2009 08:16:54 +0000
(08:16 +0000)
committer
Klaus Ethgen
<Klaus@Ethgen.de>
Sat, 18 Jul 2009 08:16:54 +0000
(08:16 +0000)
data_offset + data_length could be bigger than guint which makes the
calculation overflow to a value smaller then size.
src/exif.c
patch
|
blob
|
history
diff --git
a/src/exif.c
b/src/exif.c
index
a68dc67
..
fd7ac93
100644
(file)
--- a/
src/exif.c
+++ b/
src/exif.c
@@
-927,7
+927,7
@@
static gint exif_parse_IFD_entry(ExifData *exif, guchar *tiff, guint offset,
if (data_length > 4)
{
data_offset = data_val;
- if (size < data_offset + data_length)
+ if (size < data_offset
|| size < data_offset
+ data_length)
{
log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
return -1;