From: Dan F. <dfa...@us...> - 2009-09-25 22:02:04
Update of /cvsroot/libexif/libexif/libexif/canon In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv5544/libexif/canon Modified Files: exif-mnote-data-canon.c Log Message: Jan Patera's keen eyes noticed that my MakerNote unification changes introduced a case where a NULL pointer would be dereferenced before being checked for NULL. Index: exif-mnote-data-canon.c =================================================================== RCS file: /cvsroot/libexif/libexif/libexif/canon/exif-mnote-data-canon.c,v retrieving revision 1.23 retrieving revision 1.24 diff -u -p -d -r1.23 -r1.24 --- exif-mnote-data-canon.c 25 Sep 2009 06:35:48 -0000 1.23 +++ exif-mnote-data-canon.c 25 Sep 2009 22:01:50 -0000 1.24 @@ -201,10 +201,15 @@ exif_mnote_data_canon_load (ExifMnoteDat { ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne; ExifShort c; - size_t i, tcount, o, datao = 6 + n->offset; + size_t i, tcount, o, datao; - if (!n || !buf || !buf_size || (datao + 2 < datao) || - (datao + 2 < 2) || (datao + 2 > buf_size)) { + if (!n || !buf || !buf_size) { + exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, + "ExifMnoteCanon", "Short MakerNote"); + return; + } + datao = 6 + n->offset; + if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) { exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteCanon", "Short MakerNote"); return; |
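Review bot: the new early-return branch in exif_mnote_data_canon_load still dereferences a NULL pointer when `n` is NULL, because `n` is only `ne` cast to `ExifMnoteDataCanon *`, and the branch taken on `!n` calls `exif_log (ne->log, ...)`. Moving `datao = 6 + n->offset;` below the check fixes the initializer, but the log call needs the same treatment: return without logging when `ne` is NULL, and keep the logged path for `!buf || !buf_size`. Two smaller points on the same hunk: "Short MakerNote" is a misleading message for a NULL argument, and the second check only guards the `datao + 2` addition, so a wrap in `6 + n->offset` itself is caught only by the final `datao + 2 > buf_size` comparison, which is worth a comment or an explicit test.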