#841: Additional check to prevent issues with the sign when casting uint32_t to long.

2012-08-31 04:31:05 +00:00 · 2012-08-31 04:31:05 +00:00 · 60560ff051
commit 60560ff051
parent 9b7f1de5c0
1 changed files with 3 additions and 1 deletions
--- a/src/pngimage.cpp
+++ b/src/pngimage.cpp
@ -136,7 +136,9 @@ namespace Exiv2 {
            // Decode chunk data length.
            uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
            long pos = io_->tell();
-            if (pos == -1 || static_cast<long>(dataOffset) > imgSize - pos) throw Exiv2::Error(14);
+            if (   pos == -1
+                || dataOffset > uint32_t(0x7FFFFFFF)
+                || static_cast<long>(dataOffset) > imgSize - pos) throw Exiv2::Error(14);

            // Perform a chunk triage for item that we need.