Fix a last-minute bug in the checking of the EXIF byte-order header

The check should fail if the EXIF byte-order header doesn't start with
a correct character, or if the two heading characters aren't identical.

Rewrite the check to make the code logic easier to follow.
Cosmin Truta 2022-09-14 22:00:42 +03:00
parent 3d57708c91
commit 2733482d8e


@ -2075,14 +2075,17 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
png_byte buf[1];
png_crc_read(png_ptr, buf, 1);
info_ptr->eXIf_buf[i] = buf[0];
if (i == 1 && buf[0] != 'M' && buf[0] != 'I'
&& info_ptr->eXIf_buf[0] != buf[0])
if (i == 1)
{
png_crc_finish(png_ptr, length-i-1);
png_chunk_benign_error(png_ptr, "incorrect byte-order specifier");
png_free(png_ptr, info_ptr->eXIf_buf);
info_ptr->eXIf_buf = NULL;
return;
if ((buf[0] != 'M' && buf[0] != 'I') ||
(info_ptr->eXIf_buf[0] != buf[0]))
{
png_crc_finish(png_ptr, length - 2);
png_chunk_benign_error(png_ptr, "incorrect byte-order specifier");
png_free(png_ptr, info_ptr->eXIf_buf);
info_ptr->eXIf_buf = NULL;
return;
}
}
}
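Review bot: The inner check at `if ((buf[0] != 'M' && buf[0] != 'I') ||` has no comment saying what a valid header looks like, and the `length - 2` passed to `png_crc_finish` equals the remaining byte count only because this branch runs at `i == 1`. I would add `/* Byte-order mark must be "II" or "MM"; both header bytes have been consumed here. */` above the inner `if`. `length` is a `png_uint_32`, so the subtraction presumably relies on a minimum-length check and a loop bound that sit outside this hunk; it is worth confirming that a chunk shorter than two bytes cannot reach this branch. The enclosing loop and the rest of `png_handle_eXIf` start and end outside the hunk.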