# HG changeset patch
# User mow
# Date 1247905014 0
# Node ID d5c921f9bb4c056b02e9e0aa436ad9d8a5f16c0c
# Parent 5f272d19dabee5392d75a8e41be16b912f3fa1e6
Fix a overrun data_offset + data_length could be bigger than guint which makes the calculation overflow to a value smaller then size.
diff -r 5f272d19dabe -r d5c921f9bb4c src/exif.c
--- a/src/exif.c Thu Jul 02 17:37:05 2009 +0000
+++ b/src/exif.c Sat Jul 18 08:16:54 2009 +0000
@@ -927,7 +927,7 @@
 if (data_length > 4)
 {
 data_offset = data_val;
- if (size < data_offset + data_length)
+ if (size < data_offset || size < data_offset + data_length)
 {
 log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 return -1;
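Review bot: The added `size < data_offset` test only rejects an offset that is itself past the end; the sum `data_offset + data_length` kept on the same line can still wrap when `data_offset` is in bounds and `data_length` is large, and the wrapped result then compares as smaller than `size`, so the tag is accepted. Assuming all three values are unsigned (the description mentions guint; the declarations are outside the hunk), the subtraction form avoids the addition altogether: `if (size < data_offset || size - data_offset < data_length)`. Both values appear to be derived from the parsed file, so the computation of `data_length` above this hunk deserves the same overflow check. The enclosing function starts and ends outside the hunk.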