Overview

File 0008-heap-buffer-overflow.patch of Package jhead

From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat, 3 Feb 2018 10:23:09 +0100
Subject: Fix heap buffer overflow

Bug-Debian: http://bugs.debian.org/889272

---
 exif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exif.c b/exif.c
index bcde6c8..1dee145 100644
--- a/exif.c
+++ b/exif.c
@@ -1020,7 +1020,7 @@ void process_EXIF (unsigned char * ExifSection, unsigned int length)
 
     FirstOffset = Get32u(ExifSection+12);
     if (FirstOffset < 8 || FirstOffset > 16){
-        if (FirstOffset < 16 || FirstOffset > length-16){
+        if (FirstOffset < 16 || length < 16 || FirstOffset > length-16){
             ErrNonfatal("invalid offset for first Exif IFD value",0,0);
             return;
         }
openSUSE Build Service is sponsored by
Places