From 32d33cec2a93ec1a3bc0e8cc489090eefc3285b8 Mon Sep 17 00:00:00 2001
From: Lutz Mueller <lutz.s.mueller@gmail.com>
Date: Thu, 29 Aug 2002 23:47:09 +0200
Subject: [PATCH] =?utf8?q?2002-08-29=20=20Lutz=20M=C3=BCller=20<lutz@users?=
 =?utf8?q?.sourceforge.net>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

	Renchi Raju <renchi@pooh.tam.uiuc.edu> found another bug in

	* libexif/exif-data.c: Correctly save the data.
	* configure.in: Version 0.5.6.
---
 ChangeLog           |  7 +++++++
 configure.in        |  2 +-
 libexif/exif-data.c | 33 +++++++++++++++++++++++++--------
 3 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1e8852c..bb878ed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2002-08-29  Lutz Müller <lutz@users.sourceforge.net>
 
+	Renchi Raju <renchi@pooh.tam.uiuc.edu> found another bug in 
+
+	* libexif/exif-data.c: Correctly save the data.
+	* configure.in: Version 0.5.6.
+
+2002-08-29  Lutz Müller <lutz@users.sourceforge.net>
+
 	Jason Sodergren <jason@taiga.com> found a lot of bugs in
 
 	* libexif/exif-data.c: Correctly save the data.
diff --git a/configure.in b/configure.in
index a2a90c9..250117b 100644
--- a/configure.in
+++ b/configure.in
@@ -1,7 +1,7 @@
 AC_PREREQ(2.50)
 AC_INIT(libexif/exif-data.h)
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(libexif, 0.5.5)
+AM_INIT_AUTOMAKE(libexif, 0.5.6)
 AM_MAINTAINER_MODE
 
 dnl ---------------------------------------------------------------------------
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 0b51347..f854124 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -32,7 +32,7 @@
 #undef MAX
 #define MAX(a, b)  (((a) > (b)) ? (a) : (b))
 
-//#define DEBUG
+#define DEBUG
 
 static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
 
@@ -261,14 +261,20 @@ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
 	/*
 	 * Check if we need some extra entries for pointers or the thumbnail.
 	 */
-	if (ifd == data->ifd[EXIF_IFD_1]) {
+	if (ifd == data->ifd[EXIF_IFD_0]) {
+
+		/*
+		 * The pointer to IFD_EXIF is in IFD_0. The pointer to
+		 * IFD_INTEROPERABILITY is in IFD_EXIF.
+		 */
 		if (data->ifd[EXIF_IFD_EXIF]->count || data->ifd[EXIF_IFD_INTEROPERABILITY]->count)
 			n_ptr++;
+
+		/* The pointer to IFD_GPS is in IFD_0. */
 		if (data->ifd[EXIF_IFD_GPS]->count)
 			n_ptr++;
-	} else if (ifd == data->ifd[EXIF_IFD_1]) {
-		if (data->size)
-			n_thumb = 2;
+	} else if ((ifd == data->ifd[EXIF_IFD_1]) && data->size) {
+		n_thumb = 2;
 	} else if (ifd == data->ifd[EXIF_IFD_EXIF]) {
 		if (data->ifd[EXIF_IFD_INTEROPERABILITY]->count)
 			n_ptr++;
@@ -344,7 +350,8 @@ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
 		offset += 12;
 	}
 
-	if (n_thumb) {
+	/* Information about the thumbnail (if any) is saved in IFD_1. */
+	if ((ifd == data->ifd[EXIF_IFD_1]) && data->size) {
 
 		/* EXIF_TAG_JPEG_INTERCHANGE_FORMAT */
 		exif_set_short (*d + 6 + offset + 0, data->priv->order,
@@ -365,12 +372,13 @@ exif_data_save_data_content (ExifData *data, ExifContent *ifd,
 		exif_set_short (*d + 6 + offset + 2, data->priv->order,
 				EXIF_FORMAT_LONG);
 		exif_set_long  (*d + 6 + offset + 4, data->priv->order, 1);
-		exif_set_long  (*d + 6 + offset + 8, data->priv->order,
+		exif_set_long  (*d + 6 + offset + 8, data->priv->order, 
 				data->size);
 		offset += 12;
 	}
 
-	if (ifd == data->ifd[EXIF_IFD_0] && data->ifd[EXIF_IFD_1]->count) {
+	if (ifd == data->ifd[EXIF_IFD_0] && (data->ifd[EXIF_IFD_1]->count ||
+					     data->size)) {
 
 		/*
 		 * We are saving IFD 0. Tell where IFD 1 starts and save
@@ -521,6 +529,15 @@ exif_data_load_data (ExifData *data, const unsigned char *d, unsigned int size)
 #ifdef DEBUG
 		printf ("IFD 1 at %i.\n", (int) offset);
 #endif
+
+		/* Sanity check. */
+		if (offset > size - 6) {
+#ifdef DEBUG
+			printf ("Bogus offset!\n");
+#endif
+			return;
+		}
+
 		exif_data_load_data_content (data, data->ifd[EXIF_IFD_1], d + 6,
 					     size - 6, offset);
 	}
-- 
2.7.4