32 lines
876 B
Plaintext
32 lines
876 B
Plaintext
|
$OpenBSD: patch-libexif_exif_data_c,v 1.1 2005/03/13 21:25:38 robert Exp $
|
||
|
|
--- libexif/exif-data.c.orig Fri Mar 11 15:56:37 2005
|
||
|
|
+++ libexif/exif-data.c Fri Mar 11 15:59:15 2005
|
||
|
|
@@ -550,7 +550,7 @@
|
||
|
|
#endif
|
||
|
|
|
||
|
|
/* Byte order (offset 6, length 2) */
|
||
|
|
- if (size < 12)
|
||
|
|
+ if (size < 14)
|
||
|
|
return;
|
||
|
|
if (!memcmp (d + 6, "II", 2))
|
||
|
|
data->priv->order = EXIF_BYTE_ORDER_INTEL;
|
||
|
|
@@ -569,12 +569,18 @@
|
||
|
|
printf ("IFD 0 at %i.\n", (int) offset);
|
||
|
|
#endif
|
||
|
|
|
||
|
|
+ if (size < 6 + 4 + offset)
|
||
|
|
+ return;
|
||
|
|
+
|
||
|
|
/* Parse the actual exif data (offset 14) */
|
||
|
|
exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
|
||
|
|
size - 6, offset);
|
||
|
|
|
||
|
|
/* IFD 1 offset */
|
||
|
|
n = exif_get_short (d + 6 + offset, data->priv->order);
|
||
|
|
+ if (size < 6 + offset + 2 + 12 * n + 4)
|
||
|
|
+ return;
|
||
|
|
+
|
||
|
|
offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
|
||
|
|
if (offset) {
|
||
|
|
#ifdef DEBUG
|