Don't crash if IFD1 offset out of available data

author Jan Patera <patera@pictview.com>

Thu, 16 Dec 2004 21:00:26 +0000 (22:00 +0100)

committer Jan Patera <patera@pictview.com>

Thu, 16 Dec 2004 21:00:26 +0000 (22:00 +0100)
author Jan Patera <patera@pictview.com>
Thu, 16 Dec 2004 21:00:26 +0000 (22:00 +0100)
committer Jan Patera <patera@pictview.com>
Thu, 16 Dec 2004 21:00:26 +0000 (22:00 +0100)
diff --git a/libexif/exif-data.c b/libexif/exif-data.c

index 62b5411..f1c71da 100644 (file)
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -719,7 +719,13 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
                                      ds - 6, offset);
  
         /* IFD 1 offset */
+       if (offset + 6 + 2 > ds) {
+               return;
+       }
         n = exif_get_short (d + 6 + offset, data->priv->order);
+       if (offset + 6 + 2 + 12 * n + 4 > ds) {
+               return;
+       }
         offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
         if (offset) {
                 exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
author	Jan Patera <patera@pictview.com>
	Thu, 16 Dec 2004 21:00:26 +0000 (22:00 +0100)
committer	Jan Patera <patera@pictview.com>
	Thu, 16 Dec 2004 21:00:26 +0000 (22:00 +0100)