Re: [PATCH 1/2] wrlib: add EXIF orientation feature

Thu, 29 May 2014 15:03:21 -0700 

On Thu, 29 May 2014, David Maciejak wrote:

+/*
+ Based on jpegexiforient.c
+ Full src available at
http://ftp.freebsd.org/pub/FreeBSD/distfiles/jpeg8b/jpegexiforient.c
+
+ Tested with img samples from
http://github.com/recurser/exif-orientation-examples
+*/
+int RGetImageOrientation(const char *file)
+{
+ int c1, c2;
+ int set_flag = ROrientationUnknown;
+ unsigned int length, i;
+ /* Flag for byte order */
+ int is_motorola;
+ unsigned int exif_offset, offset, number_of_tags, tagnum;
+ FILE *myfile;
+ unsigned char exif_data[65536L];


[...]


+ /* Get the marker parameter length count */
+ c1 = getc(myfile);
+ if (c1 == EOF)
+ exif_offset = 0;
+ c2 = getc(myfile);
+ if (c2 == EOF)
+ exif_offset = 0;
+ length = (((unsigned int) c1) << 8) + ((unsigned int) c2);
+
+ /* Length includes itself, so must be at least 2 */
+ /* Following Exif data length must be at least 6 */
+ if (length < 8)
+ exif_offset = 0;
+
+ exif_offset += 2;
+
+ /* No marker tag. */
+ if (exif_data[0] != 0xFF)
+ exif_offset = 0;
+
+ /* Exif if APP1 is found. */
+ if (exif_data[1] == 0xE1)
+ break;
+
+ exif_offset += length;
+
+ /* Some other marker found, seek to next one. */
+ if (-1 == fseek(myfile, length - 2, SEEK_CUR))
+ /* Can't seek. */
+ exif_offset = 0;
+ }
+
+ /* check if something went wrong */
+ if (!exif_offset)
+ goto clean_return;
+
+ length -= 8;
+ /* Read Exif head, check for "Exif" */
+ for (i = 0; i < 6; i++) {
+ int c;
+ c = getc(myfile);
+ if (c == EOF)
+ goto clean_return;
+ exif_data[i] = (unsigned char) c;
+ }
+
+ if (exif_data[0] != 0x45 || exif_data[1] != 0x78 || exif_data[2] != 0x69 ||
+ exif_data[3] != 0x66 || exif_data[4] != 0 || exif_data[5] != 0)
+ goto clean_return;
+
+ /* Read Exif body */
+ for (i = 0; i < length; i++) {
+ int c;
+ c = getc(myfile);
+ if (c == EOF)
+ goto clean_return;
+ exif_data[i] = (unsigned char) c;
+ }



How do you make sure that there won't be an overflow of the exif_data[] 
array? I see no checks that length is smaller than the size of this array 
which is a fixed constant.


Regards,
BALATON Zoltan


--
To unsubscribe, send mail to [email protected].






















					Reply via email to