From: Lutz M. <lu...@us...> - 2007-12-14 20:32:40
|
Update of /cvsroot/libexif/libexif/libexif In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv28701/libexif Modified Files: exif-data.c Log Message: 2007-12-14 Lutz Mueller <lu...@us...> Bug pointed out by Meder Kydyraliev, Google Security Team: * libexif/exif-data.c: (exif_data_load_data_thumbnail) Ignore bugus data. Index: exif-data.c =================================================================== RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v retrieving revision 1.102 retrieving revision 1.103 diff -u -p -d -r1.102 -r1.103 --- exif-data.c 7 Dec 2007 08:46:48 -0000 1.102 +++ exif-data.c 14 Dec 2007 20:32:35 -0000 1.103 @@ -299,10 +299,9 @@ static void exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, unsigned int ds, ExifLong offset, ExifLong size) { - if (ds < offset + size) { + if ((ds < offset + size) || (offset < 0) || (offset > ds)) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", - "Bogus thumbnail offset and size: %i < %i + %i.", - (int) ds, (int) offset, (int) size); + "Bogus thumbnail offset and size."); return; } if (data->data) |