diff src/exif.c @ 1697:219e1ba3ae30

Fix an overrun: data_offset + data_length could be bigger than guint, which makes the calculation overflow to a value smaller than size.
author mow
date Sat, 18 Jul 2009 08:16:54 +0000
parents 59c72fd324ce
children 1cff176f8144
--- a/src/exif.c	Thu Jul 02 17:37:05 2009 +0000
+++ b/src/exif.c	Sat Jul 18 08:16:54 2009 +0000
@@ -927,7 +927,7 @@
 	if (data_length > 4)
 		{
 		data_offset = data_val;
-		if (size < data_offset + data_length)
+		if (size < data_offset || size < data_offset + data_length)
 			{
 			log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 			return -1;
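Review bot: The new condition on the `if` line still computes `data_offset + data_length`, so a tag whose offset lies inside the file but whose length is close to the type's maximum can wrap the sum to a small value and pass both tests. Comparing against the remaining space avoids the addition entirely: `if (data_offset > size || data_length > size - data_offset)`. This assumes all three values are unsigned and of the same width, as the commit message's mention of guint suggests; their declarations are outside the hunk, as are the start and end of the enclosing function. A short comment such as `/* subtract instead of add: offset + length can wrap */` would keep the check from being simplified back later.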