- Added missing bound check in iptcparse() (path by chris at chiappa.net)

author Felipe Pena <felipensp@gmail.com>

Sun, 29 Apr 2012 22:12:12 +0000 (19:12 -0300)

committer Felipe Pena <felipensp@gmail.com>

Sun, 29 Apr 2012 22:12:12 +0000 (19:12 -0300)
author Felipe Pena <felipensp@gmail.com>
Sun, 29 Apr 2012 22:12:12 +0000 (19:12 -0300)
committer Felipe Pena <felipensp@gmail.com>
Sun, 29 Apr 2012 22:12:12 +0000 (19:12 -0300)
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c

index efd4e44125f7a86b826ec57622c6e7e0515d0540..d1cf42f2d2560f3c3272414cde803c2cbfedee29 100644 (file)
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@@ -342,13 +342,13 @@ PHP_FUNCTION(iptcparse)
                         len = (((unsigned short) buffer[ inx ])<<8) | (unsigned short)buffer[ inx+1 ];
                         inx += 2;
                 }
-
-               snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum);
-
-               if ((len > str_len) || (inx + len) > str_len) {
+               
+               if ((len < 0) || (len > str_len) || (inx + len) > str_len) {
                         break;
                 }
  
+               snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum);
+
                 if (tagsfound == 0) { /* found the 1st tag - initialize the return array */
                         array_init(return_value);
                 }
author	Felipe Pena <felipensp@gmail.com>
	Sun, 29 Apr 2012 22:12:12 +0000 (19:12 -0300)
committer	Felipe Pena <felipensp@gmail.com>
	Sun, 29 Apr 2012 22:12:12 +0000 (19:12 -0300)