2007-12-14 Lutz Mueller <lutz@users.sourceforge.net>
+ Bug pointed out by Meder Kydyraliev, Google Security Team:
+
+ * libexif/exif-data.c: (exif_data_load_data_thumbnail) Ignore bugus
+ data.
+
+2007-12-14 Lutz Mueller <lutz@users.sourceforge.net>
+
* README: Point users to some tools needed to build libexif.
* configure.ac: It looks like po/Makefile.in is already registered
with AC_CONFIG_FILES (whatever this means).
exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
unsigned int ds, ExifLong offset, ExifLong size)
{
- if (ds < offset + size) {
+ if ((ds < offset + size) || (offset < 0) || (offset > ds)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
- "Bogus thumbnail offset and size: %i < %i + %i.",
- (int) ds, (int) offset, (int) size);
+ "Bogus thumbnail offset and size.");
return;
}
if (data->data)