LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File libexif-CVE-2007-6351-CVE-2007-6352.patch of Package libexif (Project DISCONTINUED:openSUSE:10.3:Update)

Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.100
retrieving revision 1.105
diff -u -r1.100 -r1.105
--- libexif/exif-data.c	30 Oct 2007 06:45:23 -0000	1.100
+++ libexif/exif-data.c	16 Dec 2007 16:59:30 -0000	1.105
@@ -298,10 +299,10 @@
 exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
 			       unsigned int ds, ExifLong offset, ExifLong size)
 {
-	if (ds < offset + size) {
+	if ((ds < offset + size) || (offset > ds)) {
 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
-			  "Bogus thumbnail offset and size: %i < %i + %i.",
-			  (int) ds, (int) offset, (int) size);
+			  "Bogus thumbnail offset (%u) or size (%u).",
+			  offset, size);
 		return;
 	}
 	if (data->data) 
Index: libexif/exif-loader.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-loader.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- libexif/exif-loader.c	26 Jun 2007 02:30:32 -0000	1.25
+++ libexif/exif-loader.c	14 Dec 2007 19:53:53 -0000	1.26
@@ -176,6 +176,8 @@
 		break;
 	}
 
+	if (!len)
+		return 1;
 	exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
 		  "Scanning %i byte(s) of data...", len);