changeset 1697:219e1ba3ae30

Fix an overrun: data_offset + data_length could be bigger than a guint can hold, which makes the calculation overflow to a value smaller than size.
author mow
date Sat, 18 Jul 2009 08:16:54 +0000
parents 1c31b33a3138
children bfe04f01de5e
files src/exif.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/src/exif.c	Thu Jul 02 17:37:05 2009 +0000
+++ b/src/exif.c	Sat Jul 18 08:16:54 2009 +0000
@@ -927,7 +927,7 @@
 	if (data_length > 4)
 		{
 		data_offset = data_val;
-		if (size < data_offset + data_length)
+		if (size < data_offset || size < data_offset + data_length)
 			{
 			log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 			return -1;
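Review bot: The added `size < data_offset` test only rejects an offset that is itself past the end of the file; on the same line, `size < data_offset + data_length` can still wrap when data_offset is inside the file but data_length is very large, and the tag is then accepted. Assuming both values are unsigned guint, as the commit message suggests, a subtraction-based check cannot overflow: `if (data_offset > size || data_length > size - data_offset)`. A short comment such as `/* compare by subtraction so the unsigned sum cannot wrap */` would keep the check from being simplified back later. The enclosing function starts and ends outside the hunk, so the declared types and how data_length is computed are not visible here.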