From: Marcus Meissner <marcus@jet.franken.de>
Date: Fri, 25 Jul 2008 21:25:58 +0000 (+0200)
Subject: handle the case where we realloc to 0 entries,
X-Git-Tag: libexif-0_6_21-release~234
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f251c826ee6b3f3be20ce5509f9fe26add7adaad;p=platform%2Fupstream%2Flibexif.git

handle the case where we realloc to 0 entries,
triggered for instance by GIMP or EOG which clean their data.
---

diff --git a/ChangeLog b/ChangeLog
index 1db7f87..7c02e32 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-07-25  Marcus Meissner  <marcus@jet.franken.de>
+
+	* libexif/exif-content.c: Handle realloc to 0 case
+	  correctly. Fixes EOG and GIMP crashes.
+
 2008-06-26  Jan Patera <patera@users.sourceforge.net>
 
 	* libexif/olympus/exif-mnote-data-olympus.c: better support for
diff --git a/libexif/exif-content.c b/libexif/exif-content.c
index ac4b346..a80a99d 100644
--- a/libexif/exif-content.c
+++ b/libexif/exif-content.c
@@ -157,7 +157,7 @@ void
 exif_content_remove_entry (ExifContent *c, ExifEntry *e)
 {
 	unsigned int i;
-	ExifEntry **t;
+	ExifEntry **t, *temp;
 
 	if (!c || !c->priv || !e || (e->parent != c)) return;
 
@@ -166,15 +166,25 @@ exif_content_remove_entry (ExifContent *c, ExifEntry *e)
 	if (i == c->count) return;
 
 	/* Remove the entry */
-	memmove (&c->entries[i], &c->entries[i + 1],
+	temp = c->entries[i];
+	memcpy (&c->entries[i], &c->entries[i + 1],
 		 sizeof (ExifEntry*) * (c->count - i - 1));
 	e->parent = NULL;
 	exif_entry_unref (e);
-	t = exif_mem_realloc (c->priv->mem, c->entries,
-				sizeof(ExifEntry*) * (c->count - 1));
-	if (t) {
-		c->entries = t;
-		c->count--;
+	if (c->count > 1) {
+		t = exif_mem_realloc (c->priv->mem, c->entries,
+					sizeof(ExifEntry*) * (c->count - 1));
+		if (t) {
+			c->entries = t;
+			c->count--;
+		} else {
+			/* We overwrote one entry, restore it now. */
+			c->entries[c->count-1] = temp;
+		}
+	} else {
+		exif_mem_free (c->priv->mem, c->entries);
+		c->entries = NULL;
+		c->count = 0;
 	}
 }