Mercurial > geeqie
diff src/exif.c @ 1697:219e1ba3ae30
Fix a overrun
data_offset + data_length could be bigger than guint which makes the
calculation overflow to a value smaller then size.
| author | mow |
|---|---|
| date | Sat, 18 Jul 2009 08:16:54 +0000 |
| parents | 59c72fd324ce |
| children | 1cff176f8144 |
line wrap: on
line diff
--- a/src/exif.c Thu Jul 02 17:37:05 2009 +0000 +++ b/src/exif.c Sat Jul 18 08:16:54 2009 +0000 @@ -927,7 +927,7 @@ if (data_length > 4) { data_offset = data_val; - if (size < data_offset + data_length) + if (size < data_offset || size < data_offset + data_length) { log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key); return -1;