Fix possible out of bounds access am: 751b4eba25 Change-Id: If89d7b52ea69bde0cca831d856d56bec16b5d897

commit: b201f04d8c8b8235b2ab8925a45175c96c3943f3 [log] [tgz]
author: Marco Nelissen <marcone@google.com> Fri Jun 10 21:24:06 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Fri Jun 10 21:24:06 2016 +0000
tree: 6dd0e64c7a364aa4232838e813dab0e4885ad8d5
parent: acbfc9c1c7e1a84b0db4dc5bc3d5346b6c55c473 [diff]
parent: 751b4eba25aa2e2a31232c9c25ceb6dbddfb1d93 [diff]
diff --git a/exif.c b/exif.c
index bb01453..2c89293 100644
--- a/exif.c
+++ b/exif.c

@@ -614,7 +614,7 @@
             unsigned OffsetVal;
             OffsetVal = Get32u(DirEntry+8);
             // If its bigger than 4 bytes, the dir entry contains an offset.
-            if (OffsetVal+ByteCount > ExifLength){
+            if (OffsetVal > UINT32_MAX - ByteCount || OffsetVal+ByteCount > ExifLength){
                 // Bogus pointer offset and / or bytecount value
                 ErrNonfatal("Illegal value pointer for tag %04x", Tag,0);
                 continue;
commit	b201f04d8c8b8235b2ab8925a45175c96c3943f3	[log] [tgz]
author	Marco Nelissen <marcone@google.com>	Fri Jun 10 21:24:06 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Fri Jun 10 21:24:06 2016 +0000
tree	6dd0e64c7a364aa4232838e813dab0e4885ad8d5
parent	acbfc9c1c7e1a84b0db4dc5bc3d5346b6c55c473 [diff]
parent	751b4eba25aa2e2a31232c9c25ceb6dbddfb1d93 [diff]