From a33fc8506e3118e800a7c159f69a2de6528bf02b Mon Sep 17 00:00:00 2001
From: lifumin
Date: Mon, 28 Jul 2025 21:35:51 +0800
Subject: [PATCH] lifumin3@h-partners.com
Signed-off-by: lifumin
---
 libexif/exif-data.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index ef5ccb1..205e70a 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -313,6 +313,11 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
 * Size? If bigger than 4 bytes, the actual data is not in
 * the entry but somewhere else.
 */
+ /* we usually have only 64kb datablock, so add a safety bound to avoid overflows */
+ if (e->components > 65536) {
+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", _("Overflow in components detected."));
+ return;
+ }
 s = exif_format_get_size (e->format) * e->components;
 if (s > 4) {
 unsigned char *t;
-- Gitee
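Review bot: The new guard caps the number of components, not the byte size, so the 64 KB figure in the added comment is not what the code enforces: `s` is the per-format size times up to 65536 components, and for formats wider than one byte it can still be several times 64 KB. The comment would be more accurate as `/* cap the component count so that size * components below cannot wrap */`, and 65536 would read better as a named constant. The early `return;` also gives the caller no signal beyond the log line, since the function returns no value here. The function body starts above the hunk and continues past its end, so it is worth confirming that nothing for this entry has been written to the output buffer before the check; otherwise a rejected entry would be left half-written in the saved data.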