Fixed an error checking weakness reported in bug #1536244. It looks like

that particular bug was actually solved earlier, but this doesn't hurt.

diff --git a/NEWS b/NEWS
index c54ea61..7879fab 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,7 @@ libexif-0.6.16.2:
   * Updated translations: cs, de, pl, sk, vi
   * New translations: nl, se, en_CA
   * Enabled sv translation by default
-  * Bug fixes: #1773810, #1774626, CVE-2007-6351, CVE-2007-6352
+  * Bug fixes: #1773810, #1774626, #1536244, CVE-2007-6351, CVE-2007-6352
   * Enhanced support of Canon and Olympus makernotes 
   * Added support for Fuji and Sanyo makernotes
   * Added support for the NO_VERBOSE_TAG_STRINGS and NO_VERBOSE_TAG_DATA

diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 25c80fc..eb007cb 100644 (file)
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -916,14 +916,19 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
 void
 exif_data_save_data (ExifData *data, unsigned char **d, unsigned int *ds)
 {
+       if (ds)
+               *ds = 0;        /* This means something went wrong */
+
        if (!data || !d || !ds)
                return;
 
        /* Header */
        *ds = 14;
        *d = exif_data_alloc (data, *ds);
-       if (!*d) 
+       if (!*d)  {
+               *ds = 0;
                return;
+       }
        memcpy (*d, ExifHeader, 6);
 
        /* Order (offset 6) */

diff --git a/libexif/exif-loader.c b/libexif/exif-loader.c
index a8b8170..8ad2336 100644 (file)
--- a/libexif/exif-loader.c
+++ b/libexif/exif-loader.c
@@ -381,7 +381,7 @@ exif_loader_get_data (ExifLoader *loader)
 {
        ExifData *ed;
 
-       if (!loader) 
+       if (!loader || (loader->data_format == EL_DATA_FORMAT_UNKNOWN))
                return NULL;
 
        ed = exif_data_new_mem (loader->mem);