Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 389691a

Browse files
committed
exif/heic: Fix bound check in loop
The loop checks against `p` but increases `p2`. I don't see the point of having 2 separate variables, so use `p` instead to correct the bounds check and simplify the code in the process.
1 parent bc2a749 commit 389691a

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

‎ext/exif/exif.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4307,7 +4307,7 @@ static int exif_isobmff_parse_box(unsigned char *buf, isobmff_box_type *box)
43074307
static void exif_isobmff_parse_meta(unsigned char *data, unsigned char *end, isobmff_item_pos_type *pos)
43084308
{
43094309
isobmff_box_type box, item;
4310-
unsigned char *box_offset, *p, *p2;
4310+
unsigned char *box_offset, *p;
43114311
int header_size, exif_id = -1, version, item_count, i;
43124312

43134313
size_t remain;
@@ -4362,10 +4362,10 @@ static void exif_isobmff_parse_meta(unsigned char *data, unsigned char *end, iso
43624362
ADVANCE(4);
43634363
item_count = php_ifd_get32u(p - 4, 1);
43644364
}
4365-
for (i = 0, p2=p; i < item_count && p < end - 16; i++, p2 += 16) {
4366-
if (php_ifd_get16u(p2, 1) == exif_id) {
4367-
pos->offset = php_ifd_get32u(p2 + 8, 1);
4368-
pos->size = php_ifd_get32u(p2 + 12, 1);
4365+
for (i = 0; i < item_count && p < end - 16; i++, p += 16) {
4366+
if (php_ifd_get16u(p, 1) == exif_id) {
4367+
pos->offset = php_ifd_get32u(p + 8, 1);
4368+
pos->size = php_ifd_get32u(p + 12, 1);
43694369
break;
43704370
}
43714371
}

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /