Mercurial > geeqie.yaz

changeset 1674:d5c921f9bb4c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix a overrun data_offset + data_length could be bigger than guint which makes the calculation overflow to a value smaller then size.
author mow
date Sat, 18 Jul 2009 08:16:54 +0000
parents 5f272d19dabe
children 717374fb1bbd
files src/exif.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/exif.c	Thu Jul 02 17:37:05 2009 +0000
+++ b/src/exif.c	Sat Jul 18 08:16:54 2009 +0000
@@ -927,7 +927,7 @@
 	if (data_length > 4)
 		{
 		data_offset = data_val;
-		if (size < data_offset + data_length)
+		if (size < data_offset || size < data_offset + data_length)
 			{
 			log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 			return -1;