[libexif-cvs] libexif/libexif exif-content.c,1.26,1.27

[Jan P. <pa...@us...>]

Update of /cvsroot/libexif/libexif/libexif
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22661

Modified Files:
	exif-content.c 
Log Message:
exif_content_remove_entry:
1) don't unref entry that was not removed from entries
2) don't reorder entries if removal fails
3) use memmove and not memcpy, the latter is not safe for overlapping buffers

P.S. Aren't we paranoic with expecting realloc to a slightly smaller buffer to fail???


Index: exif-content.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-content.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -d -r1.26 -r1.27
--- exif-content.c	25 Jul 2008 21:25:58 -0000	1.26
+++ exif-content.c	26 Jul 2008 07:56:45 -0000	1.27
@@ -166,26 +166,24 @@ exif_content_remove_entry (ExifContent *
 	if (i == c->count) return;
 
 	/* Remove the entry */
-	temp = c->entries[i];
-	memcpy (&c->entries[i], &c->entries[i + 1],
-		 sizeof (ExifEntry*) * (c->count - i - 1));
-	e->parent = NULL;
-	exif_entry_unref (e);
+	temp = c->entries[c->count-1];
 	if (c->count > 1) {
 		t = exif_mem_realloc (c->priv->mem, c->entries,
 					sizeof(ExifEntry*) * (c->count - 1));
-		if (t) {
-			c->entries = t;
-			c->count--;
-		} else {
-			/* We overwrote one entry, restore it now. */
-			c->entries[c->count-1] = temp;
+		if (!t) {
+			return;
 		}
+		c->entries = t;
+		c->count--;
+		memmove (&t[i], &t[i + 1], sizeof (ExifEntry*) * (c->count - i - 1));
+		t[c->count-1] = temp;
 	} else {
 		exif_mem_free (c->priv->mem, c->entries);
 		c->entries = NULL;
 		c->count = 0;
 	}
+	e->parent = NULL;
+	exif_entry_unref (e);
 }
 
 ExifEntry *