$OpenBSD: patch-libexif_exif_data_c,v 1.1 2005/03/13 21:25:38 robert Exp $
--- libexif/exif-data.c.orig	Fri Mar 11 15:56:37 2005
+++ libexif/exif-data.c	Fri Mar 11 15:59:15 2005
@@ -550,7 +550,7 @@
 #endif
 
 	/* Byte order (offset 6, length 2) */
-	if (size < 12)
+	if (size < 14)
 		return;
 	if (!memcmp (d + 6, "II", 2))
 		data->priv->order = EXIF_BYTE_ORDER_INTEL;
@@ -569,12 +569,18 @@
 	printf ("IFD 0 at %i.\n", (int) offset);
 #endif
 
+	if (size < 6 + 4 + offset)
+		return;
+		
 	/* Parse the actual exif data (offset 14) */
 	exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
 				     size - 6, offset);
 
 	/* IFD 1 offset */
 	n = exif_get_short (d + 6 + offset, data->priv->order);
+	if (size < 6 + offset + 2 + 12 * n + 4)
+		return;
+		
 	offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
 	if (offset) {
 #ifdef DEBUG