Revision: 1797
http://geeqie.svn.sourceforge.net/geeqie/?rev=1797&view=rev
Author: mow
Date: 2009-07-18 08:16:54 +0000 (Sat, 18 Jul 2009)
Log Message:
-----------
Fix a overrun
data_offset + data_length could be bigger than guint which makes the
calculation overflow to a value smaller then size.
Modified Paths:
--------------
trunk/src/exif.c
Modified: trunk/src/exif.c
===================================================================
--- trunk/src/exif.c 2009-07-02 17:43:42 UTC (rev 1796)
+++ trunk/src/exif.c 2009-07-18 08:16:54 UTC (rev 1797)
@@ -927,7 +927,7 @@
if (data_length > 4)
{
data_offset = data_val;
- if (size < data_offset + data_length)
+ if (size < data_offset || size < data_offset + data_length)
{
log_printf("warning: exif tag %s data will overrun end
of file, ignored.\n", marker->key);
return -1;
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Geeqie-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geeqie-svn
