changeset 1697:381c53dcf3fd
Fix an overrun
data_offset + data_length could be bigger than guint which makes the
calculation overflow to a value smaller than size.
author | Klaus Ethgen <Klaus@Ethgen.de> |
---|---|
date | Sat, 18 Jul 2009 08:16:54 +0000 |
parents | 3bad299878e5 |
children | dc7c36ce2b92 |
files | src/exif.c |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) |
--- a/src/exif.c Thu Jul 02 17:37:05 2009 +0000 +++ b/src/exif.c Sat Jul 18 08:16:54 2009 +0000 @@ -927,7 +927,7 @@ if (data_length > 4) { data_offset = data_val; - if (size < data_offset + data_length) + if (size < data_offset || size < data_offset + data_length) { log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key); return -1;
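Review bot: The new condition `size < data_offset || size < data_offset + data_length` still evaluates the sum that the commit message says can exceed guint, so it only catches the case where data_offset alone is past the end of the file. With a data_offset that is within size and a data_length large enough to wrap the addition, both comparisons are false and the tag is accepted; the only visible constraint on data_length is `data_length > 4`. Since the first test already establishes `data_offset <= size`, the second can be written without any addition as `size - data_offset < data_length`, which cannot wrap. It would also help to add a short comment at the check saying that both values come from the file and that the subtraction form is deliberate, so a later cleanup does not fold it back into the sum.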