diff --git a/include/exiv2/webpimage.hpp b/include/exiv2/webpimage.hpp index 456b2122..bd8be56c 100644 --- a/include/exiv2/webpimage.hpp +++ b/include/exiv2/webpimage.hpp @@ -93,7 +93,7 @@ namespace Exiv2 { byte *header, long header_size); bool equalsWebPTag(Exiv2::DataBuf& buf ,const char* str); void debugPrintHex(byte *data, long size); - void decodeChunks(uint32_t filesize); + void decodeChunks(long filesize); void inject_VP8X(BasicIo& iIo, bool has_xmp, bool has_exif, bool has_alpha, bool has_icc, int width, int height); diff --git a/src/webpimage.cpp b/src/webpimage.cpp index e66d577c..15069cb7 100644 --- a/src/webpimage.cpp +++ b/src/webpimage.cpp @@ -500,13 +500,14 @@ namespace Exiv2 { readOrThrow(*io_, data, WEBP_TAG_SIZE * 3, Exiv2::kerCorruptedMetadata); - const uint32_t filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian) + 8; - enforce(filesize <= io_->size(), Exiv2::kerCorruptedMetadata); + const long filesize = Exiv2::getULong(data + WEBP_TAG_SIZE, littleEndian) + 8; + enforce(0 <= filesize, Exiv2::kerCorruptedMetadata); + enforce((size_t)filesize <= io_->size(), Exiv2::kerCorruptedMetadata); WebPImage::decodeChunks(filesize); } // WebPImage::readMetadata - void WebPImage::decodeChunks(uint32_t filesize) + void WebPImage::decodeChunks(long filesize) { DataBuf chunkId(5); byte size_buff[WEBP_TAG_SIZE]; @@ -517,10 +518,11 @@ namespace Exiv2 { #endif chunkId.pData_[4] = '\0' ; - while ( !io_->eof() && (uint64_t) io_->tell() < filesize) { + while (!io_->eof() && io_->tell() < filesize) { readOrThrow(*io_, chunkId.pData_, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata); readOrThrow(*io_, size_buff, WEBP_TAG_SIZE, Exiv2::kerCorruptedMetadata); - const uint32_t size = Exiv2::getULong(size_buff, littleEndian); + const long size = Exiv2::getULong(size_buff, littleEndian); + enforce(0 <= size, Exiv2::kerCorruptedMetadata); enforce(io_->tell() <= filesize, Exiv2::kerCorruptedMetadata); enforce(size <= (filesize - io_->tell()), Exiv2::kerCorruptedMetadata);