From c76d74be657ce8302f140cefc2b665682c83b023 Mon Sep 17 00:00:00 2001 From: Lovell Fuller Date: Sat, 22 Oct 2022 11:20:53 +0100 Subject: [PATCH] Ensure EXIF is at least 4 bytes before inspection (#3109) --- libvips/foreign/exif.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libvips/foreign/exif.c b/libvips/foreign/exif.c index 88d1bf5d..d8e9896c 100644 --- a/libvips/foreign/exif.c +++ b/libvips/foreign/exif.c @@ -167,6 +167,10 @@ vips_exif_load_data_without_fix( const void *data, size_t length ) /* exif_data_load_data() only allows uint for length. Limit it to less * than that: 2**20 should be enough for anyone. */ + if( length < 4 ) { + vips_error( "exif", "%s", _( "exif too small" ) ); + return( NULL ); + } if( length > 1 << 20 ) { vips_error( "exif", "%s", _( "exif too large" ) ); return( NULL );