diff options
author | Marco Nelissen <marcone@google.com> | 2016-06-09 14:07:50 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-06-23 15:05:07 -0700 |
commit | bae671597d47b9e5955c4cb742e468cebfd7ca6b (patch) | |
tree | e6c1fac71143a5b0cde5934c99649cf6d3528b8d | |
parent | 5c8f937269957e6651383e988006824781fd021a (diff) | |
download | jhead-bae671597d47b9e5955c4cb742e468cebfd7ca6b.tar.gz |
Fix possible out of bounds accessandroid-6.0.1_r61android-6.0.1_r60android-6.0.1_r59android-6.0.1_r58
Bug: 28868315
Change-Id: I2b416c662f9ad7f9b3c6cf973a39c6693c66775a
-rw-r--r-- | exif.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -614,7 +614,7 @@ static void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase, unsigned OffsetVal; OffsetVal = Get32u(DirEntry+8); // If its bigger than 4 bytes, the dir entry contains an offset. - if (OffsetVal+ByteCount > ExifLength){ + if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){ // Bogus pointer offset and / or bytecount value ErrNonfatal("Illegal value pointer for tag %04x", Tag,0); continue; |