#513: Added check for size of IFD entries to prevent crash.

Andreas Huggel
2007-04-30 15:57:23 +00:00
parent 08f44fc528
commit 9bdd35fa14
+15 -1
@@ -356,7 +356,21 @@ namespace Exiv2 {
pe.tag_ = getUShort(buf + o, byteOrder);
pe.type_ = getUShort(buf + o + 2, byteOrder);
pe.count_ = getULong(buf + o + 4, byteOrder);
pe.size_ = pe.count_ * TypeInfo::typeSize(TypeId(pe.type_));
uint32_t ts = TypeInfo::typeSize(TypeId(pe.type_));
if (pe.count_ >= 0x10000000 && ts != 0) {
if (pe.count_ >= 0x80000000 / ts) {
#ifndef SUPPRESS_WARNINGS
std::cerr << "Warning: "
<< ExifTags::ifdName(ifdId_) << " tag 0x"
<< std::setw(4) << std::setfill('0') << std::hex
<< pe.tag_ << " has invalid size "
<< std::dec << pe.count_ << "*" << ts
<< "; truncating the data.\n";
#endif
pe.count_ = 0;
}
}
pe.size_ = pe.count_ * ts;
pe.offsetLoc_ = o + 8 - shift;
pe.offset_ = pe.size_ > 4 ? getLong(buf + o + 8, byteOrder) : 0;
preEntries.push_back(pe);
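Review bot: The new guard on `pe.count_` only rejects entries whose byte size would reach 0x80000000, so an entry claiming just under 2 GiB still passes, and nothing visible in this hunk compares `pe.size_` or `pe.offset_` with the length of `buf`. If the code that later reads the entry data (outside the hunk) does not make that comparison, a malformed file can still cause an out-of-bounds read, so bounding the size against the remaining buffer here would be the stronger check. The outer test `pe.count_ >= 0x10000000` presumably relies on every type size being at most 8; a comment such as `// typeSize() <= 8, so smaller counts cannot reach 0x80000000` would record that assumption. The warning says "truncating the data" although the code sets `pe.count_ = 0`, which drops the value entirely, and `std::setfill('0')` is left set on `std::cerr` afterwards. The enclosing function starts and ends outside the hunk.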