Fix a overrun

data_offset + data_length could be bigger than guint which makes the calculation overflow to a value smaller then size.
BestImageViewer · Jul 18, 2009 · 7c7eb0a · 7c7eb0a
1 parent 6e739c9
commit 7c7eb0a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/exif.c b/src/exif.c
@@ -927,7 +927,7 @@ static gint exif_parse_IFD_entry(ExifData *exif, guchar *tiff, guint offset,
 	if (data_length > 4)
 		{
 		data_offset = data_val;
-		if (size < data_offset + data_length)
+		if (size < data_offset || size < data_offset + data_length)
 			{
 			log_printf("warning: exif tag %s data will overrun end of file, ignored.\n", marker->key);
 			return -1;