projects / geeqie.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6e739c9)
Fix a overrun
authorKlaus Ethgen <Klaus@Ethgen.de>
Sat, 18 Jul 2009 08:16:54 +0000 (08:16 +0000)
committerKlaus Ethgen <Klaus@Ethgen.de>
Sat, 18 Jul 2009 08:16:54 +0000 (08:16 +0000)
data_offset + data_length could be bigger than guint which makes the
calculation overflow to a value smaller then size.

src/exif.c patch | blob | history

diff --git a/src/exif.c b/src/exif.c
index a68dc67..fd7ac93 100644 (file)
--- a/src/exif.c
+++ b/src/exif.c
@@ -927,7 +927,7 @@ static gint exif_parse_IFD_entry(ExifData *exif, guchar *tiff, guint offset,
        if (data_length > 4)
                {
                data_offset = data_val;
-               if (size < data_offset + data_length)
+               if (size < data_offset || size < data_offset + data_length)
                        {
                        log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
                        return -1;
Image viewer forked from GQView