summaryrefslogtreecommitdiff
path: root/src/media-thumb-internal.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/media-thumb-internal.c')
-rwxr-xr-xsrc/media-thumb-internal.c46
1 files changed, 29 insertions, 17 deletions
diff --git a/src/media-thumb-internal.c b/src/media-thumb-internal.c
index dfa825b..180f8de 100755
--- a/src/media-thumb-internal.c
+++ b/src/media-thumb-internal.c
@@ -368,20 +368,31 @@ int _media_thumb_get_exif_info(ExifData *ed, char *buf, int max_size, int *value
ExifByteOrder mByteOrder = exif_data_get_byte_order(ed);
short exif_value = exif_get_short(entry->data, mByteOrder);
*value = (int)exif_value;
- } else {
- /* Get the contents of the tag in human-readable form */
- if (buf == NULL) {
- thumb_err("buf is NULL");
- return MS_MEDIA_ERR_INVALID_PARAMETER;
- }
- exif_entry_get_value(entry, buf, max_size);
- buf[strlen(buf)] = '\0';
}
}
return MS_MEDIA_ERR_NONE;
}
+static int __media_thumb_safe_atoi(char *buffer, int *si)
+{
+ char *end = NULL;
+ errno = 0;
+ thumb_retvm_if(buffer == NULL || si == NULL, MS_MEDIA_ERR_INTERNAL, "invalid parameter");
+
+ const long sl = strtol(buffer, &end, 10);
+
+ thumb_retvm_if(end == buffer, MS_MEDIA_ERR_INTERNAL, "not a decimal number");
+ thumb_retvm_if('\0' != *end, MS_MEDIA_ERR_INTERNAL, "extra characters at end of input: %s", end);
+ thumb_retvm_if((LONG_MIN == sl || LONG_MAX == sl) && (ERANGE == errno), MS_MEDIA_ERR_INTERNAL, "out of range of type long");
+ thumb_retvm_if(sl > INT_MAX, MS_MEDIA_ERR_INTERNAL, "greater than INT_MAX");
+ thumb_retvm_if(sl < INT_MIN, MS_MEDIA_ERR_INTERNAL, "less than INT_MIN");
+
+ *si = (int)sl;
+
+ return MS_MEDIA_ERR_NONE;
+}
+
static int _media_thumb_get_data_from_exif(ExifData *ed,
void **thumb_data,
int *thumb_size,
@@ -419,7 +430,12 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
/* copy the real thumbnail data from exif data */
if (ed->data && ed->size) {
- //thumb_dbg("Size: %d, thumb: 0x%x", ed->size, ed->data);
+ /* NOTICE : ExifData->size type is unsigned int, But Internal IPC, and CAPI use int */
+ if (ed->size > INT_MAX) {
+ thumb_err("EXIF thumbnail size is over INT_MAX");
+ return MS_MEDIA_ERR_THUMB_TOO_BIG;
+ }
+
*thumb_data = (char *)malloc(ed->size);
if (*thumb_data == NULL) {
@@ -442,8 +458,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
/* Get the contents of the tag in human-readable form */
char width[10] = {0,};
exif_entry_get_value(entry, width, 10);
-
- *thumb_width = atoi(width);
+ __media_thumb_safe_atoi(width, thumb_width);
} else {
thumb_warn("EXIF_TAG_IMAGE_WIDTH does not exist");
*thumb_width = 0;
@@ -455,8 +470,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
/* Get the contents of the tag in human-readable form */
char height[10] = {0, };
exif_entry_get_value(entry, height, 10);
-
- *thumb_height = atoi(height);
+ __media_thumb_safe_atoi(height, thumb_height);
} else {
thumb_warn("EXIF_TAG_IMAGE_LENGTH does not exist");
*thumb_height = 0;
@@ -472,8 +486,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
if (entry) {
char width[10] = {0,};
exif_entry_get_value(entry, width, 10);
-
- *origin_width = atoi(width);
+ __media_thumb_safe_atoi(width, origin_width);
} else {
thumb_warn("EXIF_TAG_PIXEL_X_DIMENSION does not exist");
*origin_width = 0;
@@ -485,8 +498,7 @@ static int _media_thumb_get_data_from_exif(ExifData *ed,
if (entry) {
char height[10] = {0, };
exif_entry_get_value(entry, height, 10);
-
- *origin_height = atoi(height);
+ __media_thumb_safe_atoi(height, origin_height);
} else {
thumb_warn("EXIF_TAG_PIXEL_Y_DIMENSION does not exist");
*origin_height = 0;