eunue pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=53e31eeede51bba866b6224bb4ac030693e744a8
commit 53e31eeede51bba866b6224bb4ac030693e744a8 Author: Jaeun Choi <jaeun12.c...@samsung.com> Date: Thu Apr 6 15:34:53 2017 +0900 emile_image: add error handling code for ifd_offset value Signed-off-by: JEONGHYUN YUN <jh0506....@samsung.com> --- src/lib/emile/emile_image.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/lib/emile/emile_image.c b/src/lib/emile/emile_image.c index b342e3e..309dbbb 100644 --- a/src/lib/emile/emile_image.c +++ b/src/lib/emile/emile_image.c @@ -933,6 +933,10 @@ _get_orientation_app1(const unsigned char *map, { // get 4byte by little endian ifd_offset += (*(buf + 14) << 24) + (*(buf + 15) << 16) + (*(buf + 16) << 8) + (*(buf + 17)); + + if (ifd_offset > fsize) + return EINA_FALSE; + byte_align = EXIF_BYTE_ALIGN_MM; num_directory = ((*(buf + ifd_offset) << 8) + *(buf + ifd_offset + 1)); orientation[0] = 0x01; @@ -942,6 +946,10 @@ _get_orientation_app1(const unsigned char *map, { // get 4byte by big endian ifd_offset += (*(buf + 14)) + (*(buf + 15) << 8) + (*(buf + 16) << 16) + (*(buf + 17) << 24); + + if (ifd_offset > fsize) + return EINA_FALSE; + byte_align = EXIF_BYTE_ALIGN_II; num_directory = ((*(buf + ifd_offset + 1) << 8) + *(buf + ifd_offset)); orientation[0] = 0x12; --
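Review bot: The added `if (ifd_offset > fsize)` guard, in both the first hunk and the second, still lets the very next statement read past the end, because `num_directory` dereferences `buf + ifd_offset` and `buf + ifd_offset + 1`, so an offset of `fsize` or `fsize - 1` passes the check and is then read. A tighter form is `if ((fsize < 2) || (ifd_offset > fsize - 2)) return EINA_FALSE;`; if `buf` points into `map` rather than at its start (the declarations are outside the hunks), the bound should be the bytes remaining after `buf`, not `fsize`. The offset is also built from `*(buf + 14) << 24` (and `*(buf + 17) << 24` in the second hunk), which shifts a promoted `int`, so a byte of 0x80 or above can produce a negative or wrapped `ifd_offset` that slips under the comparison, depending on its declared type; casting each byte first, e.g. `((unsigned int)*(buf + 14) << 24)`, avoids that. The directory entries walked after `num_directory` is read lie outside these hunks and presumably need the same bounds treatment.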