1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
## CVE-2007-6352.dpatch by Nico Golde <nion@debian.org>
4
## All lines beginning with `## DP:' are a description of the patch.
8
diff -urNad libexif-0.6.16~/libexif/exif-data.c libexif-0.6.16/libexif/exif-data.c
9
--- libexif-0.6.16~/libexif/exif-data.c 2007-06-12 15:01:54.000000000 +0200
10
+++ libexif-0.6.16/libexif/exif-data.c 2007-12-21 17:13:15.000000000 +0100
12
exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
13
unsigned int ds, ExifLong offset, ExifLong size)
15
- if (ds < offset + size) {
16
+ if (ds < offset + size || (offset < 0) || (size < 0) || (offset + size < offset)) {
17
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
18
- "Bogus thumbnail offset and size: %i < %i + %i.",
19
- (int) ds, (int) offset, (int) size);
20
+ "Bogus thumbnail offset and size");
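Review bot: In the new condition of exif_data_load_data_thumbnail, `(offset < 0)` and `(size < 0)` can never be true if ExifLong is unsigned (libexif declares it as a 32-bit unsigned type), so the only clause that rejects a wrapped sum is `offset + size < offset`. The bound is easier to audit, and needs no separate wrap test, when written without the addition: `if (offset > ds || size > ds - offset) {`. The replacement log message also drops the three values, which makes a rejected file harder to triage; keeping them with unsigned conversions, `"Bogus thumbnail offset and size: %u < %u + %u.", (unsigned) ds, (unsigned) offset, (unsigned) size`, preserves the diagnostic without the misleading `(int)` casts. The function body continues past the lines shown here, so the code that uses `offset` and `size` after this check is not visible.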