Re: [Libexif-devel] [libexif-cvs] libexif/libexif exif-data.c, 1.90, 1.91

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

> don't dereference NULL (CID 4)

What is CID? Out of curiosity, how were all thes weak places found?

> @@ -193,7 +193,13 @@ exif_data_load_data_entry (ExifData *dat
>
>  	/* If this is the MakerNote, remember the offset */
>  	if (entry->tag == EXIF_TAG_MAKER_NOTE) {
> -		if (entry->size > 6) exif_log (data->priv->log,
> +		if (entry->data) {

This will certainly cause a dereference of NULL (below) in case entry->data
really is NULL.

 -- Jan

> +			exif_log (data->priv->log,
> +                                               EXIF_LOG_CODE_DEBUG,