From 7c7eb0a20e26e0b16c90ec2882559344ac537c1d Mon Sep 17 00:00:00 2001
From: Klaus Ethgen
Date: Sat, 18 Jul 2009 08:16:54 +0000
Subject: [PATCH] Fix a overrun data_offset + data_length could be bigger than guint which makes the calculation overflow to a value smaller then size.
---
 src/exif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/exif.c b/src/exif.c
index a68dc67b..fd7ac939 100644
--- a/src/exif.c
+++ b/src/exif.c
@@ -927,7 +927,7 @@ static gint exif_parse_IFD_entry(ExifData *exif, guchar *tiff, guint offset,
 if (data_length > 4)
 {
 data_offset = data_val;
- if (size < data_offset + data_length)
+ if (size < data_offset || size < data_offset + data_length)
 {
 log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 return -1;
-- 
2.20.1
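Review bot: The added `size < data_offset` test on the new `if` line does not remove the wraparound, because `data_offset + data_length` is still computed: with `data_offset` inside the file and a very large `data_length`, the sum can wrap to a value below `size` and the entry is accepted. Assuming both are `guint` as the commit message implies (their declarations are outside the hunk), comparing against the remaining space avoids the addition entirely: `if (size < data_offset || data_length > size - data_offset)`. exif_parse_IFD_entry starts and ends outside the hunk, so how `data_length` is derived from the tag's element count is not visible here; that computation should be checked for the same kind of wrap. A short comment above the test such as `/* compare against remaining bytes; the sum may wrap */` would keep the reason from being lost in a later cleanup.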