[vlc-commits] codec: jpeg: fix sanity checks
Francois Cartegnie
git at videolan.org
Tue Jul 18 10:34:32 CEST 2017
vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Tue Jul 18 10:18:06 2017 +0200| [74bbc0981f351c7bbbed76410b1cbcd842b9a393] | committer: Francois Cartegnie
codec: jpeg: fix sanity checks
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=74bbc0981f351c7bbbed76410b1cbcd842b9a393
---
modules/codec/jpeg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/codec/jpeg.c b/modules/codec/jpeg.c
index ed8e6b258c..15a05afcfb 100644
--- a/modules/codec/jpeg.c
+++ b/modules/codec/jpeg.c
@@ -445,7 +445,7 @@ jpeg_GetOrientation( j_decompress_ptr cinfo )
/* Check that we still are within the buffer and can read the tag count */
- if ( ( i + 2 ) > exif_marker->data_length )
+ if ( i > exif_marker->data_length - 2 )
return 0;
/* Find out how many tags we have in IFD0. As per the TIFF spec, the first
@@ -456,7 +456,7 @@ jpeg_GetOrientation( j_decompress_ptr cinfo )
/* Check that we still have enough data for all tags to check. The tags
are listed in consecutive 12-byte blocks. The tag ID, type, size, and
a pointer to the actual value, are packed into these 12 byte entries. */
- if ( ( i + tags * 12 ) > exif_marker->data_length )
+ if ( tags * 12U > exif_marker->data_length - i )
return 0;
/* Check through IFD0 for tags of interest */
More information about the vlc-commits
mailing list