emile_image: add error handling code for ifd_offset value

Signed-off-by: JEONGHYUN YUN <jh0506.yun@samsung.com>

diff --git a/src/lib/emile/emile_image.c b/src/lib/emile/emile_image.c
index b342e3e8be0e4267d24b22129348009b75ee750b..309dbbb9991df3d456e210fd9bbaed53b27787cb 100644 (file)
--- a/src/lib/emile/emile_image.c
+++ b/src/lib/emile/emile_image.c
@@ -933,6 +933,10 @@ _get_orientation_app1(const unsigned char *map,
      {
         // get 4byte by little endian
         ifd_offset += (*(buf + 14) << 24) + (*(buf + 15) << 16) + (*(buf + 16) << 8) + (*(buf + 17));
+
+        if (ifd_offset > fsize)
+          return EINA_FALSE;
+
         byte_align = EXIF_BYTE_ALIGN_MM;
         num_directory = ((*(buf + ifd_offset) << 8) + *(buf + ifd_offset + 1));
         orientation[0] = 0x01;
@@ -942,6 +946,10 @@ _get_orientation_app1(const unsigned char *map,
      {
         // get 4byte by big endian
         ifd_offset += (*(buf + 14))  + (*(buf + 15) << 8) + (*(buf + 16) << 16) + (*(buf + 17) << 24);
+
+        if (ifd_offset > fsize)
+          return EINA_FALSE;
+
         byte_align = EXIF_BYTE_ALIGN_II;
         num_directory = ((*(buf + ifd_offset + 1) << 8) + *(buf + ifd_offset));
         orientation[0] = 0x12;