1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
--- libexif-0.6.12/libexif/exif-data.c.recurse 2005-05-06 13:35:17.610294000 -0400
+++ libexif-0.6.12/libexif/exif-data.c 2005-05-06 13:37:35.112654000 -0400
@@ -284,9 +284,10 @@
}
static void
-exif_data_load_data_content (ExifData *data, ExifContent *ifd,
- const unsigned char *d,
- unsigned int ds, unsigned int offset)
+exif_data_load_data_content_recurse (ExifData *data, ExifContent *ifd,
+ const unsigned char *d,
+ unsigned int ds, unsigned int offset,
+ unsigned int level)
{
ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
ExifShort n;
@@ -296,6 +297,13 @@
if (!data || !data->priv) return;
+ if (level > 150)
+ {
+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+ "Deep recursion in exif_data_load_data_content");
+ return 0;
+ }
+
/* Read the number of entries */
if (offset >= ds - 1) return;
n = exif_get_short (d + offset, data->priv->order);
@@ -320,18 +328,18 @@
switch (tag) {
case EXIF_TAG_EXIF_IFD_POINTER:
CHECK_REC (EXIF_IFD_EXIF);
- exif_data_load_data_content (data,
- data->ifd[EXIF_IFD_EXIF], d, ds, o);
+ exif_data_load_data_content_recurse (data,
+ data->ifd[EXIF_IFD_EXIF], d, ds, o, level + 1);
break;
case EXIF_TAG_GPS_INFO_IFD_POINTER:
CHECK_REC (EXIF_IFD_GPS);
- exif_data_load_data_content (data,
- data->ifd[EXIF_IFD_GPS], d, ds, o);
+ exif_data_load_data_content_recurse (data,
+ data->ifd[EXIF_IFD_GPS], d, ds, o, level + 1);
break;
case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
CHECK_REC (EXIF_IFD_INTEROPERABILITY);
- exif_data_load_data_content (data,
- data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o);
+ exif_data_load_data_content_recurse (data,
+ data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds, o, level + 1);
break;
case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
thumbnail_offset = o;
@@ -373,6 +381,14 @@
}
static void
+exif_data_load_data_content (ExifData *data, ExifContent *ifd,
+ const unsigned char *d,
+ unsigned int ds, unsigned int offset)
+{
+ exif_data_load_data_content_recurse (data, ifd, d, ds, offset, 0);
+}
+
+static void
exif_data_save_data_content (ExifData *data, ExifContent *ifd,
unsigned char **d, unsigned int *ds,
unsigned int offset)
|
GitWeb
