This the offset to the first IFD.
*/
offset=(ssize_t) ((int) ReadProfileLong(endian,exif+4));
- if (offset >= length)
+ if ((size_t) offset >= length)
return(MagickFalse);
directory=exif+offset;
level=0;
The directory entry contains an offset.
*/
offset=(ssize_t) ((int) ReadProfileLong(endian,q+8));
- if ((offset+number_bytes) > length)
+ if ((size_t) (offset+number_bytes) > length)
continue;
+ if (~length < number_bytes)
+ continue; /* prevent overflow */
p=(unsigned char *) (exif+offset);
}
switch (tag_value)
offset;
offset=(ssize_t) ((int) ReadProfileLong(endian,p));
- if ((offset < length) && (level < (MaxDirectoryStack-2)))
+ if (((size_t) offset < length) && (level < (MaxDirectoryStack-2)))
{
directory_stack[level].directory=directory;
entry++;
break;
offset=(ssize_t) ((int) ReadProfileLong(endian,directory+2+(12*
number_entries)));
- if ((offset != 0) && (offset < length) &&
+ if ((offset != 0) && ((size_t) offset < length) &&
(level < (MaxDirectoryStack-2)))
{
directory_stack[level].directory=exif+offset;
*directory;
size_t
- entry,
+ entry;
+
+ ssize_t
offset;
} DirectoryInfo;
entry,
length,
number_entries,
- tag_offset,
tag;
SplayTreeInfo
id,
level,
offset,
+ tag_offset,
tag_value;
static int
offset=(ssize_t) ((int) ReadPropertyLong(endian,q+8));
if ((size_t) (offset+number_bytes) > length)
continue;
+ if (~length < number_bytes)
+ continue; /* prevent overflow */
p=(unsigned char *) (exif+offset);
}
if ((all != 0) || (tag == (size_t) tag_value))
if ((tag_value == TAG_EXIF_OFFSET) ||
(tag_value == TAG_INTEROP_OFFSET) || (tag_value == TAG_GPS_OFFSET))
{
- size_t
+ ssize_t
offset;
- offset=(size_t) ((int) ReadPropertyLong(endian,p));
- if ((offset < length) && (level < (MaxDirectoryStack-2)))
+ offset=(ssize_t) ((int) ReadPropertyLong(endian,p));
+ if (((size_t) offset < length) && (level < (MaxDirectoryStack-2)))
{
- size_t
+ ssize_t
tag_offset1;
- tag_offset1=(tag_value == TAG_GPS_OFFSET) ? 0x10000UL : 0UL;
+ tag_offset1=(ssize_t) ((tag_value == TAG_GPS_OFFSET) ? 0x10000 :
+ 0);
directory_stack[level].directory=directory;
entry++;
directory_stack[level].entry=entry;
level++;
if ((directory+2+(12*number_entries)) > (exif+length))
break;
- offset=(size_t) ((int) ReadPropertyLong(endian,directory+2+(12*
+ offset=(ssize_t) ((int) ReadPropertyLong(endian,directory+2+(12*
number_entries)));
- if ((offset != 0) && (offset < length) &&
+ if ((offset != 0) && ((size_t) offset < length) &&
(level < (MaxDirectoryStack-2)))
{
directory_stack[level].directory=exif+offset;
projects / imagemagick / commitdiff