summaryrefslogtreecommitdiff
path: root/ext/exif/exif.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/exif/exif.c')
-rw-r--r--ext/exif/exif.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index e535278fc9..1147980f77 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2545,7 +2545,10 @@ static void exif_thumbnail_extract(image_info_type *ImageInfo, char *offset, siz
return;
}
/* Check to make sure we are not going to go past the ExifLength */
- if ((ImageInfo->Thumbnail.offset + ImageInfo->Thumbnail.size) > length) {
+ if (ImageInfo->Thumbnail.size > length
+ || (ImageInfo->Thumbnail.offset + ImageInfo->Thumbnail.size) > length
+ || ImageInfo->Thumbnail.offset > length - ImageInfo->Thumbnail.size
+ ) {
EXIF_ERRLOG_THUMBEOF(ImageInfo)
return;
}
View Lorry Controller Status