diff options
Diffstat (limited to 'src/media-thumb-internal.c')
-rwxr-xr-x | src/media-thumb-internal.c | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/src/media-thumb-internal.c b/src/media-thumb-internal.c index dfa825b..180f8de 100755 --- a/src/media-thumb-internal.c +++ b/src/media-thumb-internal.c @@ -368,20 +368,31 @@ int _media_thumb_get_exif_info(ExifData *ed, char *buf, int max_size, int *value ExifByteOrder mByteOrder = exif_data_get_byte_order(ed); short exif_value = exif_get_short(entry->data, mByteOrder); *value = (int)exif_value; - } else { - /* Get the contents of the tag in human-readable form */ - if (buf == NULL) { - thumb_err("buf is NULL"); - return MS_MEDIA_ERR_INVALID_PARAMETER; - } - exif_entry_get_value(entry, buf, max_size); - buf[strlen(buf)] = '\0'; } } return MS_MEDIA_ERR_NONE; } +static int __media_thumb_safe_atoi(char *buffer, int *si) +{ + char *end = NULL; + errno = 0; + thumb_retvm_if(buffer == NULL || si == NULL, MS_MEDIA_ERR_INTERNAL, "invalid parameter"); + + const long sl = strtol(buffer, &end, 10); + + thumb_retvm_if(end == buffer, MS_MEDIA_ERR_INTERNAL, "not a decimal number"); + thumb_retvm_if('\0' != *end, MS_MEDIA_ERR_INTERNAL, "extra characters at end of input: %s", end); + thumb_retvm_if((LONG_MIN == sl || LONG_MAX == sl) && (ERANGE == errno), MS_MEDIA_ERR_INTERNAL, "out of range of type long"); + thumb_retvm_if(sl > INT_MAX, MS_MEDIA_ERR_INTERNAL, "greater than INT_MAX"); + thumb_retvm_if(sl < INT_MIN, MS_MEDIA_ERR_INTERNAL, "less than INT_MIN"); + + *si = (int)sl; + + return MS_MEDIA_ERR_NONE; +} + static int _media_thumb_get_data_from_exif(ExifData *ed, void **thumb_data, int *thumb_size, @@ -419,7 +430,12 @@ static int _media_thumb_get_data_from_exif(ExifData *ed, /* copy the real thumbnail data from exif data */ if (ed->data && ed->size) { - //thumb_dbg("Size: %d, thumb: 0x%x", ed->size, ed->data); + /* NOTICE : ExifData->size type is unsigned int, But Internal IPC, and CAPI use int */ + if (ed->size > INT_MAX) { + thumb_err("EXIF thumbnail size is over INT_MAX"); + return MS_MEDIA_ERR_THUMB_TOO_BIG; + } + *thumb_data = (char *)malloc(ed->size); if (*thumb_data == NULL) { @@ -442,8 +458,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed, /* Get the contents of the tag in human-readable form */ char width[10] = {0,}; exif_entry_get_value(entry, width, 10); - - *thumb_width = atoi(width); + __media_thumb_safe_atoi(width, thumb_width); } else { thumb_warn("EXIF_TAG_IMAGE_WIDTH does not exist"); *thumb_width = 0; @@ -455,8 +470,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed, /* Get the contents of the tag in human-readable form */ char height[10] = {0, }; exif_entry_get_value(entry, height, 10); - - *thumb_height = atoi(height); + __media_thumb_safe_atoi(height, thumb_height); } else { thumb_warn("EXIF_TAG_IMAGE_LENGTH does not exist"); *thumb_height = 0; @@ -472,8 +486,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed, if (entry) { char width[10] = {0,}; exif_entry_get_value(entry, width, 10); - - *origin_width = atoi(width); + __media_thumb_safe_atoi(width, origin_width); } else { thumb_warn("EXIF_TAG_PIXEL_X_DIMENSION does not exist"); *origin_width = 0; @@ -485,8 +498,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed, if (entry) { char height[10] = {0, }; exif_entry_get_value(entry, height, 10); - - *origin_height = atoi(height); + __media_thumb_safe_atoi(height, origin_height); } else { thumb_warn("EXIF_TAG_PIXEL_Y_DIMENSION does not exist"); *origin_height = 0; |