DO NOT MERGE - Merge qt-qpr1-dev-plus-aosp@6382244 into stag-aosp-master
Bug: 151763422
Change-Id: Ie2524df08e3b5fcc3aef25ac9496ef944314fd9e
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 80d9346..5a7763b 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -315,7 +315,10 @@
unsigned int ds, ExifLong o, ExifLong s)
{
/* Sanity checks */
- if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) {
+ uint64_t o64 = (uint64_t) o;
+ uint64_t s64 = (uint64_t) s;
+ uint64_t ds64 = (uint64_t) ds;
+ if ((o64 + s64) > ds64) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Bogus thumbnail offset (%u) or size (%u).",
o, s);
diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
index 0f72865..4a90842 100644
--- a/libexif/exif-entry.c
+++ b/libexif/exif-entry.c
@@ -1043,12 +1043,12 @@
d = 0.;
entry = exif_content_get_entry (
e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE);
- if (entry && entry->data &&
+ if (entry && entry->data && (entry->size > 7) &&
!strncmp ((char *)entry->data, "Minolta", 7)) {
entry = exif_content_get_entry (
e->parent->parent->ifd[EXIF_IFD_0],
EXIF_TAG_MODEL);
- if (entry && entry->data) {
+ if (entry && entry->data && (entry->size > 8)) {
if (!strncmp ((char *)entry->data, "DiMAGE 7", 8))
d = 3.9;
else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8))
