From: Jan Patera Date: Thu, 16 Dec 2004 21:00:26 +0000 (+0100) Subject: Don't crash if IFD1 offset out of available data X-Git-Tag: libexif-0_6_21-release~684 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f536a6573a126d75b59aa4fe862c9ca91bd30298;p=platform%2Fupstream%2Flibexif.git Don't crash if IFD1 offset out of available data --- diff --git a/libexif/exif-data.c b/libexif/exif-data.c index 62b5411..f1c71da 100644 --- a/libexif/exif-data.c +++ b/libexif/exif-data.c @@ -719,7 +719,13 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig, ds - 6, offset); /* IFD 1 offset */ + if (offset + 6 + 2 > ds) { + return; + } n = exif_get_short (d + 6 + offset, data->priv->order); + if (offset + 6 + 2 + 12 * n + 4 > ds) { + return; + } offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order); if (offset) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
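Review bot: Both new bounds checks, `if (offset + 6 + 2 > ds)` and `if (offset + 6 + 2 + 12 * n + 4 > ds)`, add to `offset` before comparing, and `offset` comes straight from `exif_get_long` on file data. A value near the top of its range can wrap the sum to a small number and pass the check, after which `exif_get_short (d + 6 + offset, ...)` still reads outside the buffer. This assumes `offset` and `ds` are fixed-width unsigned integers; their declarations are not visible in this hunk. Comparing against the remaining size avoids the wrap: for the first check, `if (ds < 8 || offset > ds - 8) return;`, and for the second, test `12 * n + 4` against `ds - 8 - offset` rather than summing everything on the left. Separately, both early returns are silent while the surrounding code reports through `exif_log`; a log call before each `return` would tell the caller that IFD 1 was skipped because its offset points past the available data.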