From: Dan F. <dfa...@us...> - 2009-09-25 22:02:05
Update of /cvsroot/libexif/libexif/libexif/olympus In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv5544/libexif/olympus Modified Files: exif-mnote-data-olympus.c Log Message: Jan Patera's keen eyes noticed that my MakerNote unification changes introduced a case where a NULL pointer would be dereferenced before being checked for NULL.
Index: exif-mnote-data-olympus.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/olympus/exif-mnote-data-olympus.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -p -d -r1.41 -r1.42
--- exif-mnote-data-olympus.c 25 Sep 2009 06:35:48 -0000 1.41
+++ exif-mnote-data-olympus.c 25 Sep 2009 22:01:53 -0000 1.42
@@ -228,11 +228,15 @@ exif_mnote_data_olympus_load (ExifMnoteD
 {
 ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) en;
 ExifShort c;
- size_t i, tcount, o, o2 = 6 + n->offset, /* Start of interesting data */
- datao = 6, base = 0;
+ size_t i, tcount, o, o2, datao = 6, base = 0;
 
- if (!n || !buf || !buf_size || (n->offset + 22 < n->offset) ||
- (n->offset + 22 < 22) || (n->offset + 22 > buf_size)) {
+ if (!n || !buf || !buf_size) {
+ exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteDataOlympus", "Short MakerNote");
+ return;
+ }
+ o2 = 6 + n->offset; /* Start of interesting data */
+ if ((o2 + 10 < o2) || (o2 + 10 < 10) || (o2 + 10 > buf_size)) {
 exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
 "ExifMnoteDataOlympus", "Short MakerNote");
 return;
|
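Review bot: The new `!n` branch still dereferences a NULL pointer, because `n` is only a cast of `en` and the branch calls `exif_log (en->log, ...)`; a separate `if (!en) return;` ahead of the `!buf || !buf_size` test would keep the log call off the NULL path. The rewritten bounds test also no longer catches a wrap in `6 + n->offset` itself, which the removed `n->offset + 22 < n->offset` comparison did: an offset close to the type's maximum yields a small `o2` that passes all three `o2 + 10` checks. Reads would still land inside `buf`, but at the wrong position, so it is worth adding `(o2 < 6) ||` to the second condition and a short comment saying that the guard rejects MakerNote offsets that overflow. The declaration of `n->offset` is not visible in this hunk, so the width at which the addition wraps should be confirmed, and the body of `exif_mnote_data_olympus_load` continues past the end of the hunk.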