diff options
-rw-r--r-- | exif.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -658,7 +658,7 @@ static void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned OffsetVal; OffsetVal = Get32u(DirEntry+8); // If its bigger than 4 bytes, the dir entry contains an offset. - if (OffsetVal+ByteCount > ExifLength){ + if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){ // Bogus pointer offset and / or bytecount value ErrNonfatal("Illegal value pointer for tag %04x", Tag,0); continue; |