| -rw-r--r-- | fiv-io.c | 6 | ||||
| -rw-r--r-- | tiffer.h | 10 | 
2 files changed, 11 insertions, 5 deletions
@@ -1263,7 +1263,7 @@ parse_mpf_index_ifd(struct tiffer *T)
 static bool
 parse_mpf(
-	GPtrArray *individuals, const uint8_t *mpf, size_t len, const uint8_t *end)
+	GPtrArray *individuals, const uint8_t *mpf, size_t len, size_t total_len)
 {
 	struct tiffer T;
 	if (!tiffer_init(&T, mpf, len) || !tiffer_next_ifd(&T))
@@ -1274,7 +1274,7 @@ parse_mpf(
 	uint32_t *offsets = parse_mpf_index_ifd(&T);
 	if (offsets) {
 		for (const uint32_t *o = offsets; *o; o++)
-			if (*o <= end - mpf)
+			if (*o <= total_len)
 				g_ptr_array_add(individuals, (gpointer) mpf + *o);
 		free(offsets);
 	}
@@ -1378,7 +1378,7 @@ parse_jpeg_metadata(const char *data, size_t len, struct jpeg_metadata *meta)
 		if (meta->mpf && marker == APP2 && p - payload >= 8 &&
 			!memcmp(payload, "MPF\0", 4) && !meta->mpf->len) {
 			payload += 4;
-			parse_mpf(meta->mpf, payload, p - payload, end);
+			parse_mpf(meta->mpf, payload, p - payload, end - payload);
 		}
 		// TODO(p): Extract the main XMP segment.
@@ -156,12 +156,18 @@ tiffer_next_ifd(struct tiffer *self)
 	return tiffer_u16(self, &self->remaining_fields);
 }
+static size_t
+tiffer_length(const struct tiffer *self)
+{
+	return self->begin > self->end ? 0 : self->end - self->begin;
+}
+
 /// Initialize a derived TIFF reader for a subIFD at the given location.
 static bool
 tiffer_subifd(
 	const struct tiffer *self, uint32_t offset, struct tiffer *subreader)
 {
-	if (self->begin > self->end || self->end - self->begin < offset)
+	if (tiffer_length(self) < offset)
 		return false;
 	*subreader = *self;
@@ -332,7 +338,7 @@ tiffer_next_entry(struct tiffer *self, struct tiffer_entry *entry)
 	if (values_size <= sizeof offset) {
 		entry->p = self->p;
 		self->p += sizeof offset;
-	} else if (tiffer_u32(self, &offset) && self->end - self->begin >= offset) {
+	} else if (tiffer_u32(self, &offset) && tiffer_length(self) >= offset) {
 		entry->p = self->begin + offset;
 	} else {
 		return false;
|
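Review bot: The new `total_len` parameter in parse_mpf's signature is easy to confuse with `len`, and nothing states which pointer either is measured from. A comment above the function would settle it, for example `// len bounds the MPF payload starting at mpf; total_len is the byte count from mpf to the end of the whole input`. The call site in parse_jpeg_metadata passes `end - payload` after `payload += 4`, so both lengths share the same base, and the offset check in the second hunk depends on that. The body of parse_mpf continues outside this hunk.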
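Review bot: In parse_mpf's offset loop, `if (*o <= total_len)` still accepts an offset equal to `total_len`, so `mpf + *o` can be a one-past-the-end pointer with no bytes behind it. The pointers stored in `individuals` carry no length, and these offsets come straight from the file, so this comparison is the only bound visible here on where they may point. A strict test, `if (*o < total_len)`, rejects the empty case. The consumer of `individuals` is not visible in the diff, so whether it re-derives the remaining size before reading should be confirmed.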
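Review bot: In the tiffer_next_entry hunk, `tiffer_length(self) >= offset` bounds only where the out-of-line values begin, not where they end, because `values_size` takes no part in the comparison. If nothing after the hunk verifies that `entry->p` plus `values_size` stays at or below `self->end`, an entry placed near the end of the buffer would let later value reads run past it. Extending the condition with `&& tiffer_length(self) - offset >= values_size` would cover that case. The function continues outside the hunk, so the check may already exist there.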
