|
|
3f58c5 |
diff --git a/src/preview.cpp b/src/preview.cpp
|
|
|
3f58c5 |
index 69f8e01..d20de04 100644
|
|
|
3f58c5 |
--- a/src/preview.cpp
|
|
|
3f58c5 |
+++ b/src/preview.cpp
|
|
|
3f58c5 |
@@ -37,6 +37,7 @@ EXIV2_RCSID("@(#) $Id$")
|
|
|
3f58c5 |
#include "preview.hpp"
|
|
|
3f58c5 |
#include "futils.hpp"
|
|
|
3f58c5 |
#include "enforce.hpp"
|
|
|
3f58c5 |
+#include "safe_op.hpp"
|
|
|
3f58c5 |
|
|
|
3f58c5 |
#include "image.hpp"
|
|
|
3f58c5 |
#include "cr2image.hpp"
|
|
|
3f58c5 |
@@ -386,7 +387,7 @@ namespace {
|
|
|
3f58c5 |
return AutoPtr();
|
|
|
3f58c5 |
|
|
|
3f58c5 |
if (loaderList_[id].imageMimeType_ &&
|
|
|
3f58c5 |
- std::string(loaderList_[id].imageMimeType_) != std::string(image.mimeType()))
|
|
|
3f58c5 |
+ std::string(loaderList_[id].imageMimeType_) != image.mimeType())
|
|
|
3f58c5 |
return AutoPtr();
|
|
|
3f58c5 |
|
|
|
3f58c5 |
AutoPtr loader = loaderList_[id].create_(id, image, loaderList_[id].parIdx_);
|
|
|
3f58c5 |
@@ -548,7 +549,8 @@ namespace {
|
|
|
3f58c5 |
}
|
|
|
3f58c5 |
}
|
|
|
3f58c5 |
|
|
|
3f58c5 |
- if (offset_ + size_ > static_cast<uint32_t>(image_.io().size())) return;
|
|
|
3f58c5 |
+ if (Safe::add(offset_, size_) > static_cast<uint32_t>(image_.io().size()))
|
|
|
3f58c5 |
+ return;
|
|
|
3f58c5 |
|
|
|
3f58c5 |
valid_ = true;
|
|
|
3f58c5 |
}
|
|
|
3f58c5 |
@@ -802,7 +804,7 @@ namespace {
|
|
|
3f58c5 |
// this saves one copying of the buffer
|
|
|
3f58c5 |
uint32_t offset = dataValue.toLong(0);
|
|
|
3f58c5 |
uint32_t size = sizes.toLong(0);
|
|
|
3f58c5 |
- if (offset + size <= static_cast<uint32_t>(io.size()))
|
|
|
3f58c5 |
+ if (Safe::add(offset, size) <= static_cast<uint32_t>(io.size()))
|
|
|
3f58c5 |
dataValue.setDataArea(base + offset, size);
|
|
|
3f58c5 |
}
|
|
|
3f58c5 |
else {
|
|
|
3f58c5 |
@@ -812,8 +814,8 @@ namespace {
|
|
|
3f58c5 |
for (int i = 0; i < sizes.count(); i++) {
|
|
|
3f58c5 |
uint32_t offset = dataValue.toLong(i);
|
|
|
3f58c5 |
uint32_t size = sizes.toLong(i);
|
|
|
3f58c5 |
- enforce(idxBuf + size < size_, kerCorruptedMetadata);
|
|
|
3f58c5 |
- if (size!=0 && offset + size <= static_cast<uint32_t>(io.size()))
|
|
|
3f58c5 |
+ enforce(Safe::add(idxBuf, size) < size_, kerCorruptedMetadata);
|
|
|
3f58c5 |
+ if (size!=0 && Safe::add(offset, size) <= static_cast<uint32_t>(io.size()))
|
|
|
3f58c5 |
memcpy(&buf.pData_[idxBuf], base + offset, size);
|
|
|
3f58c5 |
idxBuf += size;
|
|
|
3f58c5 |
}
|
|
|
3f58c5 |
@@ -930,7 +932,7 @@ namespace {
|
|
|
3f58c5 |
|
|
|
3f58c5 |
DataBuf decodeBase64(const std::string& src)
|
|
|
3f58c5 |
{
|
|
|
3f58c5 |
- const unsigned long srcSize = static_cast<const unsigned long>(src.size());
|
|
|
3f58c5 |
+ const unsigned long srcSize = src.size();
|
|
|
3f58c5 |
|
|
|
3f58c5 |
// create decoding table
|
|
|
3f58c5 |
unsigned long invalid = 64;
|