[Libexif-devel] A few memory-corruption and 64-bit fixes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi developers,

Please find a patch attached to this mail that solves a couple of
memory-corruption issues, and a couple of 64-bit mode options.

The "unsigned int" -> "size_t" type changes are 64-bit fixes; when not
using these, one gets offsets in the > 2^31 range at times.

The changes to exif-data.c prevent reading from e->data when e->data
is NULL, and to prevent calling exif_data_save_data_entry if
ifd->entries[j] is NULL.

An additional set of changes within the maker-note files are to
prevent crashing on sizes > 64kb; It seems that the maker-notes, at
times, return sizes that are huge (as in: way beyond 2^31 bytes).
According to the documentation, though, the full size of the EXIF data
should fit within a JPEG section, thus intrinsically limiting it to 64
kb. I.e.: any s that is > 64 kb indicates a problem within the data.

Regards,

Niek Bergboer
Google Switzerland GmbH

Identifikationsnummer:
CH-020.4.028.116-1