2007-12-14 Lutz Mueller <lutz@users.sourceforge.net>

	Bug pointed out by Meder Kydyraliev, Google Security Team:

	* libexif/exif-data.c: (exif_data_load_data_thumbnail) Ignore bugus
	data.

diff --git a/ChangeLog b/ChangeLog
index 9a5a225..0ed8f18 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2007-12-14  Lutz Mueller <lutz@users.sourceforge.net>
 
+       Bug pointed out by Meder Kydyraliev, Google Security Team:
+
+       * libexif/exif-data.c: (exif_data_load_data_thumbnail) Ignore bugus
+       data.
+
+2007-12-14  Lutz Mueller <lutz@users.sourceforge.net>
+
        * README: Point users to some tools needed to build libexif.
        * configure.ac: It looks like po/Makefile.in is already registered
        with AC_CONFIG_FILES (whatever this means).

diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index e2c3591..53b5bf8 100644 (file)
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -299,10 +299,9 @@ static void
 exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
                               unsigned int ds, ExifLong offset, ExifLong size)
 {
-       if (ds < offset + size) {
+       if ((ds < offset + size) || (offset < 0) || (offset > ds)) {
                exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
-                         "Bogus thumbnail offset and size: %i < %i + %i.",
-                         (int) ds, (int) offset, (int) size);
+                         "Bogus thumbnail offset and size.");
                return;
        }
        if (data->data)