Update of /cvsroot/libexif/libmnote/libmnote/canon
In directory sc8-pr-cvs1:/tmp/cvs-serv19184/libmnote/canon
Modified Files:
mnote-canon-data.c mnote-canon-entry.c
Log Message:
More sanity check
Index: mnote-canon-data.c
===================================================================
RCS file: /cvsroot/libexif/libmnote/libmnote/canon/mnote-canon-data.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- mnote-canon-data.c 28 Aug 2003 15:43:50 -0000 1.6
+++ mnote-canon-data.c 29 Aug 2003 11:18:21 -0000 1.7
@@ -235,6 +235,10 @@
#endif
d+=2;
size-=2;
+
+ if ( 12 * n > size )
+ return;
+
for (i = 0; i < n; i++) {
tag = exif_get_short (d + 12 * i, order);
Index: mnote-canon-entry.c
===================================================================
RCS file: /cvsroot/libexif/libmnote/libmnote/canon/mnote-canon-entry.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- mnote-canon-entry.c 28 Aug 2003 15:43:50 -0000 1.6
+++ mnote-canon-entry.c 29 Aug 2003 11:18:21 -0000 1.7
@@ -175,13 +175,12 @@
switch (entry->tag) {
case MNOTE_CANON_TAG_SETTINGS_1:
CF (entry->format, EXIF_FORMAT_SHORT, v);
- n = exif_get_short (data, order);
+ n = exif_get_short (data, order)/2;
data+=2;
+ CC (entry->components, n, v);
#ifdef DEBUG
printf ("Setting1 size %d %d\n",n,entry->size);
#endif
- n=((entry->size>n)?n:entry->size)/2;//sanity check
-
for (i=1;i<n;i++)
{
vs = exif_get_short (data, order);
@@ -539,13 +538,12 @@
case MNOTE_CANON_TAG_SETTINGS_2:
CF (entry->format, EXIF_FORMAT_SHORT, v);
- n = exif_get_short (data, order);
+ n = exif_get_short (data, order)/2;
data += 2;
+ CC (entry->components, n, v);
#ifdef DEBUG
printf ("Setting2 size %d %d\n",n,entry->size);
#endif
- n=((entry->size>n)?n:entry->size)/2;//sanity check
-
for (i=1;i<n;i++)
{
vs = exif_get_short (data, order);
@@ -654,12 +652,12 @@
case MNOTE_CANON_TAG_CUSTOM_FUNCS:
CF (entry->format, EXIF_FORMAT_SHORT, v);
- n = exif_get_short (data, order);
+ n = exif_get_short (data, order)/2;
data+=2;
+ CC (entry->components, n, v);
#ifdef DEBUG
printf ("Custom Function size %d %d\n",n,entry->size);
#endif
- n=((entry->size>n)?n:entry->size)/2;//sanity check
for (i=1;i<n;i++)
{
vs = exif_get_short (data, order);
|
