diff options
Diffstat (limited to 'media-libs/libexif/files/libexif-0.5-CAN-2005-0664.patch')
| -rw-r--r-- | media-libs/libexif/files/libexif-0.5-CAN-2005-0664.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/media-libs/libexif/files/libexif-0.5-CAN-2005-0664.patch b/media-libs/libexif/files/libexif-0.5-CAN-2005-0664.patch new file mode 100644 index 000000000000..7621c49651c1 --- /dev/null +++ b/media-libs/libexif/files/libexif-0.5-CAN-2005-0664.patch @@ -0,0 +1,30 @@ +--- libexif-0.5.12/libexif/exif-data.c.buffer-overflow 2005-03-08 05:24:31.000000000 -0500 ++++ libexif-0.5.12/libexif/exif-data.c 2005-03-08 05:26:30.000000000 -0500 +@@ -551,7 +551,7 @@ + #endif + + /* Byte order (offset 6, length 2) */ +- if (size < 12) ++ if (size < 14) + return; + if (!memcmp (d + 6, "II", 2)) + data->priv->order = EXIF_BYTE_ORDER_INTEL; +@@ -570,12 +570,18 @@ + printf ("IFD 0 at %i.\n", (int) offset); + #endif + ++ if (size < 6 + 4 + offset) ++ return; ++ + /* Parse the actual exif data (offset 14) */ + exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6, + size - 6, offset); + + /* IFD 1 offset */ + n = exif_get_short (d + 6 + offset, data->priv->order); ++ if (size < 6 + offset + 2 + 12 * n + 4) ++ return; ++ + offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order); + if (offset) { + #ifdef DEBUG |