From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat, 3 Feb 2018 10:23:09 +0100
Subject: Fix heap buffer overflow
Bug-Debian: http://bugs.debian.org/889272
---
exif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exif.c b/exif.c
index bcde6c8..1dee145 100644
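--- a/exif.c
+++ b/exif.c
@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length)
 
 FirstOffset = Get32u(ExifSection+12);
 if (FirstOffset < 8 || FirstOffset > 16){
- if (FirstOffset < 16 || FirstOffset > length-16){
+ if (FirstOffset < 16 || length < 16 || FirstOffset > length-16){
 ErrNonfatal("invalid offset for first Exif IFD value",0,0);
 return;
 }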
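Review bot: The added `length < 16` test sits inside the outer `if (FirstOffset < 8 || FirstOffset > 16)`, so a section shorter than 16 bytes whose first-IFD offset lies between 8 and 16 never reaches it. The `Get32u(ExifSection+12)` context line above it has also already read bytes 12–15 before any length test visible in this hunk. If no earlier check in process_EXIF (which starts and ends outside the hunk) guarantees `length >= 16`, hoist the guard above the read: `if (length < 16){ ErrNonfatal("invalid offset for first Exif IFD value",0,0); return; }`. That would also keep the unsigned `length-16` subtraction from wrapping without needing the extra clause in the inner condition.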