From: Klaus Ethgen <Klaus@Ethgen.de>
Date: Sat, 18 Jul 2009 08:16:54 +0000 (+0000)
Subject: Fix a overrun
X-Git-Tag: v1.0.0~106
X-Git-Url: http://geeqie.org/cgi-bin/gitweb.cgi?p=geeqie.git;a=commitdiff_plain;h=7c7eb0a20e26e0b16c90ec2882559344ac537c1d

Fix a overrun

data_offset + data_length could be bigger than guint which makes the
calculation overflow to a value smaller then size.
---

diff --git a/src/exif.c b/src/exif.c
index a68dc67b..fd7ac939 100644
--- a/src/exif.c
+++ b/src/exif.c
@@ -927,7 +927,7 @@ static gint exif_parse_IFD_entry(ExifData *exif, guchar *tiff, guint offset,
 	if (data_length > 4)
 		{
 		data_offset = data_val;
-		if (size < data_offset + data_length)
+		if (size < data_offset || size < data_offset + data_length)
 			{
 			log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 			return -1;