Log a message when corrupted MakerNotes are found for Canon and Fuji

author Dan Fandrich <dan@coneharvesters.com>

Wed, 14 Jan 2009 06:31:18 +0000 (22:31 -0800)

committer Dan Fandrich <dan@coneharvesters.com>

Wed, 14 Jan 2009 06:31:18 +0000 (22:31 -0800)
author Dan Fandrich <dan@coneharvesters.com>
Wed, 14 Jan 2009 06:31:18 +0000 (22:31 -0800)
committer Dan Fandrich <dan@coneharvesters.com>
Wed, 14 Jan 2009 06:31:18 +0000 (22:31 -0800)
diff --git a/libexif/canon/exif-mnote-data-canon.c b/libexif/canon/exif-mnote-data-canon.c

index 2783d15..8d1b5f5 100644 (file)
--- a/libexif/canon/exif-mnote-data-canon.c
+++ b/libexif/canon/exif-mnote-data-canon.c
@@ -207,11 +207,16 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
         /* Parse the entries */
         for (i = 0; i < c; i++) {
                 o = 6 + 2 + n->offset + 12 * i;
-         if (o + 8 > buf_size) return;
+               if (o + 8 > buf_size) {
+                               exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+                                         "ExifMnoteCanon",
+                                         "Short MakerNote");
+                               return;
+               }
  
                 t = exif_mem_realloc (ne->mem, n->entries,
                                 sizeof (MnoteCanonEntry) * (i + 1));
-               if (!t) return;
+               if (!t) return; /* out of memory */
                 n->count = i + 1;
                 n->entries = t;
                 memset (&n->entries[i], 0, sizeof (MnoteCanonEntry));
@@ -220,19 +225,34 @@ exif_mnote_data_canon_load (ExifMnoteData *ne,
           n->entries[i].components = exif_get_long (buf + o + 4, n->order);
           n->entries[i].order      = n->order;
  
+         exif_log (ne->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteCanon",
+                               "Loading entry 0x%x ('%s')...", n->entries[i].tag,
+                mnote_canon_tag_get_name (n->entries[i].tag));
+
           /*
            * Size? If bigger than 4 bytes, the actual data is not
            * in the entry but somewhere else (offset).
            */
           s = exif_format_get_size (n->entries[i].format) * n->entries[i].components;
-               if (!s) return;
+               if (!s) {
+                               exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+                                         "ExifMnoteCanon",
+                                         "Invalid zero-length tag size");
+                               return;
+           }
                 o += 8;
                 if (s > 4) o = exif_get_long (buf + o, n->order) + 6;
-               if (o + s > buf_size) return;
+               if (o + s > buf_size) {
+                       exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+                                         "ExifMnoteCanon",
+                                         "Tag data past end of buffer (%u > %u)",
+                                         o+s, buf_size);
+                       return;
+            }
  
                 /* Sanity check */
                 n->entries[i].data = exif_mem_alloc (ne->mem, sizeof (char) * s);
-               if (!n->entries[i].data) return;
+               if (!n->entries[i].data) return; /* out of memory */
                 n->entries[i].size = s;
                 memcpy (n->entries[i].data, buf + o, s);
         }
diff --git a/libexif/fuji/exif-mnote-data-fuji.c b/libexif/fuji/exif-mnote-data-fuji.c

index b7b311b..9a5677c 100644 (file)
--- a/libexif/fuji/exif-mnote-data-fuji.c
+++ b/libexif/fuji/exif-mnote-data-fuji.c
@@ -167,7 +167,11 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
         /* Parse the entries */
         for (i = 0; i < c; i++) {
                 o = datao + 12 * i;
-               if (datao + 12 > buf_size) return;
+               if (datao + 12 > buf_size) {
+                       exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
+                                 "ExifMnoteDataFuji", "Short MakerNote");
+                       return;
+               }
  
                 t = exif_mem_realloc (en->mem, n->entries,
                                 sizeof (MnoteFujiEntry) * (i + 1));
@@ -188,7 +192,12 @@ exif_mnote_data_fuji_load (ExifMnoteData *en,
                 if (!s) return;
                 o += 8;
                 if (s > 4) o = exif_get_long (buf + o, n->order) + 6 + n->offset;
-               if (o + s > buf_size) return;
+               if (o + s > buf_size) {
+                       exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteDataFuji",
+                                         "Tag data past end of buffer (%u > %u)",
+                                         o+s, buf_size);
+                       return;
+               }
  
                 /* Sanity check */
                 n->entries[i].data = exif_mem_alloc (en->mem, s);
author	Dan Fandrich <dan@coneharvesters.com>
	Wed, 14 Jan 2009 06:31:18 +0000 (22:31 -0800)
committer	Dan Fandrich <dan@coneharvesters.com>
	Wed, 14 Jan 2009 06:31:18 +0000 (22:31 -0800)
libexif/canon/exif-mnote-data-canon.c		patch \| blob \| history
libexif/fuji/exif-mnote-data-fuji.c		patch \| blob \| history