# HG changeset patch # User mow # Date 1247905014 0 # Node ID 219e1ba3ae30c68d2d0d6404a35b913382aa7850 # Parent 1c31b33a31389fcc9f849155fbeb7d5405530d5e Fix an overrun data_offset + data_length could be bigger than guint which makes the calculation overflow to a value smaller than size. diff -r 1c31b33a3138 -r 219e1ba3ae30 src/exif.c --- a/src/exif.c Thu Jul 02 17:37:05 2009 +0000 +++ b/src/exif.c Sat Jul 18 08:16:54 2009 +0000 @@ -927,7 +927,7 @@ if (data_length > 4) { data_offset = data_val; - if (size < data_offset + data_length) + if (size < data_offset || size < data_offset + data_length) { log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key); return -1;
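Review bot: the added `size < data_offset` operand in the rewritten condition only covers the case where data_offset by itself exceeds size; the second operand still evaluates `data_offset + data_length`, the same sum the commit message says can exceed guint and wrap. If data_offset is within size and data_length is large enough, the sum wraps to a small value, both comparisons are false, and the tag is accepted even though its data runs past the end of the file. How data_length is bounded is not visible in this hunk, so unless an earlier check caps it, write the test without the addition, for example `if (size < data_offset || data_length > size - data_offset)`, where the subtraction cannot underflow because the first operand has already been checked. A one-line comment on why the subtraction form is used would keep a later cleanup from folding it back into a sum.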