Fix possible out of bounds access am: 751b4eba25 am: b201f04d8c am: 2d49e2de6e
am: a3c15ad42d
Change-Id: I383f66974fe3357faa0d76d4d23b9ab9a4c1a165
diff --git a/exif.c b/exif.c
index 472c45e..64ef19a 100644
--- a/exif.c
+++ b/exif.c
@@ -614,7 +614,7 @@
unsigned OffsetVal;
OffsetVal = Get32u(DirEntry+8);
// If its bigger than 4 bytes, the dir entry contains an offset.
- if (OffsetVal+ByteCount > ExifLength){
+ if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
// Bogus pointer offset and / or bytecount value
ErrNonfatal("Illegal value pointer for tag %04x", Tag,0);
continue;