diff options
| author | Jaesung Chung <jaesung@google.com> | 2016-01-25 20:22:20 +0900 |
|---|---|---|
| committer | Jaesung Chung <jaesung@google.com> | 2016-01-26 11:49:27 +0900 |
| commit | 0e283e429e2d17ed746ffde362fb1bc7125f8035 (patch) | |
| tree | ae6ec5d23d862f89638a91c676d9081633f442ba | |
| parent | d42bb6218a583cd78a4fa49271f605b77d7b0246 (diff) | |
| download | jhead-0e283e429e2d17ed746ffde362fb1bc7125f8035.tar.gz | |
Fix first IFD offset checking code
Bug: 26223808
Change-Id: I2bd8036b41bdec80b3be7408ae8216db37290f03
| -rw-r--r-- | exif.c | 7 |
1 files changed, 3 insertions, 4 deletions
@@ -1081,7 +1081,7 @@ static void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, //-------------------------------------------------------------------------- void process_EXIF (unsigned char * ExifSection, unsigned int length) { - int FirstOffset; + unsigned FirstOffset; FocalplaneXRes = 0; FocalplaneUnits = 0; @@ -1120,9 +1120,8 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length) } FirstOffset = Get32u(ExifSection+12); - if (FirstOffset < 8 || FirstOffset > 16){ - // Usually set to 8, but other values valid too. - ErrNonfatal("Suspicious offset of first IFD value",0,0); + if (FirstOffset < 8 || FirstOffset+8 >= length) { + ErrNonfatal("Invalid offset of first IFD value: %u", FirstOffset, 0); return; } |