Fix possible out of bounds access am: 751b4eba25 am: b201f04d8c am: 2d49e2de6e am: a3c15ad42d am: 6c2d0e45b5 am: dbefc1dc4a am: 854fedfa6b am: 2ea3783c81 am: e3574d919b am: 3daffc0fba am: 2a4c12f5e5
am: a0628a0519

Change-Id: Ib5d873506e2d728ce6b86eea402dca5b856deed3
diff --git a/exif.c b/exif.c
index 561852b..6d8b96d 100644
--- a/exif.c
+++ b/exif.c
@@ -658,7 +658,7 @@
             unsigned OffsetVal;
             OffsetVal = Get32u(DirEntry+8);
             // If its bigger than 4 bytes, the dir entry contains an offset.
-            if (OffsetVal+ByteCount > ExifLength){
+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
                 // Bogus pointer offset and / or bytecount value
                 ErrNonfatal("Illegal value pointer for tag %04x", Tag,0);