void-packages/srcpkgs/jhead/patches/CVE-2016-3822.patch

20 lines
673 B
Diff

--- exif.c
+++ exif.c
@@ -9,6 +9,7 @@
#include "jhead.h"
#include <math.h>
+#include <stdint.h>
static unsigned char * DirWithThumbnailPtrs;
static double FocalplaneXRes;
@@ -527,7 +528,7 @@
unsigned OffsetVal;
OffsetVal = Get32u(DirEntry+8);
// If its bigger than 4 bytes, the dir entry contains an offset.
- if (OffsetVal+ByteCount > ExifLength){
+ if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
// Bogus pointer offset and / or bytecount value
ErrNonfatal("Illegal value pointer for tag %04x in Exif", Tag,0);
continue;