From: Marcus M. <ma...@je...> - 2007-12-16 09:42:22
On Sat, Dec 15, 2007 at 07:56:36AM +0000, Lutz Müller wrote:
> Update of /cvsroot/libexif/libexif/libexif
> In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv27983/libexif
>
> Modified Files:
> exif-data.c
> Log Message:
> 2007-12-15 Lutz Mueller <lu...@us...>
>
> * po/*.po: Updated po-files.
> * libexif/exif-data.c: (exif_data_load_data_thumbnail) guard against
> negative size (in addition to negative offset), too.
>
>
> Index: exif-data.c > =================================================================== > RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v > retrieving revision 1.103 > retrieving revision 1.104 > diff -u -p -d -r1.103 -r1.104 > --- exif-data.c 14 Dec 2007 20:32:35 -0000 1.103 > +++ exif-data.c 15 Dec 2007 07:56:34 -0000 1.104 > @@ -299,7 +299,7 @@ static void > exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, > unsigned int ds, ExifLong offset, ExifLong size) > { > - if ((ds < offset + size) || (offset < 0) || (offset > ds)) { > + if ((ds < offset + size) || (size <= 0) || (offset <= 0)) {

ExifLong is unsigned int. size or offset cannot become < 0, so this change is very likely incorrect.

Perhaps use (size > UINT_MAX-offset); this avoids those pesky overflows.

Ciao, Marcus
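
Review bot: on the `+` line, `offset + size` is still computed before anything bounds either operand, and the hunk drops the `(offset > ds)` test that the `-` line had. Both parameters are declared `ExifLong` beside `unsigned int ds`, and with ExifLong being unsigned, as the reply says, a large offset and size can wrap to a small sum that passes `ds < offset + size`. The new `(size <= 0)` and `(offset <= 0)` terms can only reject zero, so the "negative size" guard named in the log message cannot trigger. Suggest ordering the checks so no addition is needed: reject when `offset > ds`, then when `size > ds - offset`. Whether a zero offset or zero size should also be refused is a separate decision and worth stating in the ChangeLog entry.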