[SATIZENVUL-915] Add check for EXIF thumbnail size 46/139246/1
authorMinje Ahn <minje.ahn@samsung.com>
Tue, 18 Jul 2017 05:48:58 +0000 (14:48 +0900)
committerMinje Ahn <minje.ahn@samsung.com>
Tue, 18 Jul 2017 05:48:58 +0000 (14:48 +0900)
Change-Id: I08198862f5f2e26fb53da99c0080d8488338dabe
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
src/media-thumb-internal.c

index 65332c6..e359e91 100755 (executable)
@@ -389,7 +389,12 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
 
        /* copy the real thumbnail data from exif data */
        if (ed->data && ed->size) {
-               //thumb_dbg("Size: %d, thumb: 0x%x", ed->size, ed->data);
+               /* NOTICE : ExifData->size type is unsigned int, But Internal IPC, and CAPI use int */
+               if (ed->size > INT_MAX) {
+                       thumb_err("EXIF thumbnail size is over INT_MAX");
+                       return MS_MEDIA_ERR_THUMB_TOO_BIG;
+               }
+
                *thumb_data = (char *)malloc(ed->size);
 
                if (*thumb_data == NULL) {
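Review bot: The new guard in `_media_thumb_get_data_from_exif` only rejects sizes above `INT_MAX`, so the `malloc(ed->size)` right after it can still be asked for close to 2 GiB from a length taken out of the parsed file. If the thumbnail is expected to fit in a JPEG APP1 segment (whose length field is 16 bits), a much smaller project-defined cap would suit better, for example `if (ed->size > MAX_EXIF_THUMB_SIZE) {`, where the constant name is a placeholder and should be documented where it is defined. `INT_MAX` also needs `<limits.h>`, and that include is not visible in this hunk. The function starts and ends outside the hunk, so it cannot be confirmed from here that callers handle the new `MS_MEDIA_ERR_THUMB_TOO_BIG` return without leaking earlier allocations.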
@@ -508,7 +513,7 @@ int _media_thumb_get_thumb_from_exif(ExifData *ed,
        }
 
        if (is_rotated) {
-               err = mm_util_decode_from_jpeg_memory(&decoded, thumb, size, MM_UTIL_JPEG_FMT_RGB888);
+               err = mm_util_decode_from_jpeg_memory(&decoded, thumb, (unsigned int)size, MM_UTIL_JPEG_FMT_RGB888);
                SAFE_FREE(thumb);
                if (err != MS_MEDIA_ERR_NONE) {
                        thumb_err("mm_util_decode_from_jpeg_turbo_memory failed : %d", err);
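Review bot: The `(unsigned int)size` cast on the `mm_util_decode_from_jpeg_memory` call hides the signedness mismatch without validating the value. The declaration of `size` is outside the hunk, but if it is a signed `int` and ever arrives as zero or negative, the decoder receives a zero or very large length for `thumb`. A guard before the call, `if (size <= 0)`, that frees `thumb` and returns an error would make the cast provably safe. Failing that, a comment such as `/* size was bounded to 1..INT_MAX when the EXIF data was copied */` should state why no check is needed, once that has been confirmed against the caller.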