Overview

File libexif-cve-2006-4168.patch of Package libexif5

--- libexif-0.6.15/libexif/exif-data.c	2007-05-23 16:06:37.037242000 +0200
+++ libexif-0.6.16/libexif/exif-data.c	2007-06-12 15:01:54.000000000 +0200
@@ -167,13 +167,18 @@
 		  "Loading entry 0x%x ('%s')...", entry->tag,
 		  exif_tag_get_name (entry->tag));
 
+	/* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff } 
+	 *   -> { 0x000000000 .. 0x7fffffff8 } */
+	s = exif_format_get_size(entry->format) * entry->components;
+	if (s < entry->components) {
+		return;
+	}
+	if (0 == s)
+		return;
 	/*
 	 * Size? If bigger than 4 bytes, the actual data is not
 	 * in the entry but somewhere else (offset).
 	 */
-	s = exif_format_get_size (entry->format) * entry->components;
-	if (!s)
-		return;
 	if (s > 4)
 		doff = exif_get_long (d + offset + 8, data->priv->order);
 	else
openSUSE Build Service is sponsored by
Places