From f536a6573a126d75b59aa4fe862c9ca91bd30298 Mon Sep 17 00:00:00 2001
From: Jan Patera
Date: Thu, 16 Dec 2004 22:00:26 +0100
Subject: [PATCH] Don't crash if IFD1 offset out of available data

---
 libexif/exif-data.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 62b5411..f1c71da 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -719,7 +719,13 @@ exif_data_load_data (ExifData *data, const unsigned char *d_orig,
 ds - 6, offset);
 
 /* IFD 1 offset */
+ if (offset + 6 + 2 > ds) {
+ return;
+ }
 n = exif_get_short (d + 6 + offset, data->priv->order);
+ if (offset + 6 + 2 + 12 * n + 4 > ds) {
+ return;
+ }
 offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
 if (offset) {
 exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
-- 
2.7.4
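Review bot: Both added bounds checks sum onto a value read from the file, so `offset + 6 + 2 > ds` and `offset + 6 + 2 + 12 * n + 4 > ds` can wrap around when `offset` is near the top of its range, pass, and still let `exif_get_short` / `exif_get_long` read past the end of the buffer. The declarations of `offset` and `ds` are outside the hunk, so this assumes they are 32-bit unsigned values, as the `exif_get_long` assignment suggests. Comparing against the remaining length avoids the wrap: `if (ds < 8 || offset > ds - 8) return;` for the first check and `if (12 * n + 4 > ds - 8 - offset) return;` for the second. The early returns are also silent, so an `exif_log` call like the one a few lines below would make a truncated or malformed IFD 1 offset diagnosable. The body of exif_data_load_data starts and ends outside the hunk.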