From aa51a6acf5cb8d5922de92bb63717bad1bf41983 Mon Sep 17 00:00:00 2001
From: Marco Pesenti Gritti <mpg@fedoraproject.org>
Date: Tue, 8 Mar 2005 10:33:32 +0000
Subject: [PATCH] - Add libexif-0.5.12-buffer-overflow.patch

---
 libexif-0.5.12-buffer-overflow.patch | 30 ++++++++++++++++++++++++++++
 libexif.spec                         |  7 +++++++
 2 files changed, 37 insertions(+)
 create mode 100644 libexif-0.5.12-buffer-overflow.patch

diff --git a/libexif-0.5.12-buffer-overflow.patch b/libexif-0.5.12-buffer-overflow.patch
new file mode 100644
index 0000000..078605f
--- /dev/null
+++ b/libexif-0.5.12-buffer-overflow.patch
@@ -0,0 +1,30 @@
+--- libexif-0.5.12/libexif/exif-data.c.buffer-overflow	2005-03-08 05:24:31.000000000 -0500
++++ libexif-0.5.12/libexif/exif-data.c	2005-03-08 05:26:30.000000000 -0500
+@@ -551,7 +551,7 @@
+ #endif
+ 
+ 	/* Byte order (offset 6, length 2) */
+-	if (size < 12)
++	if (size < 14)
+ 		return;
+ 	if (!memcmp (d + 6, "II", 2))
+ 		data->priv->order = EXIF_BYTE_ORDER_INTEL;
+@@ -570,12 +570,18 @@
+ 	printf ("IFD 0 at %i.\n", (int) offset);
+ #endif
+ 
++	if (ds < 6 + 4 + offset)
++		return;
++
+ 	/* Parse the actual exif data (offset 14) */
+ 	exif_data_load_data_content (data, data->ifd[EXIF_IFD_0], d + 6,
+ 				     size - 6, offset);
+ 
+ 	/* IFD 1 offset */
+ 	n = exif_get_short (d + 6 + offset, data->priv->order);
++	if (ds < 6 + offset + 2 + 12 * n + 4)
++		return;
++
+ 	offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
+ 	if (offset) {
+ #ifdef DEBUG
diff --git a/libexif.spec b/libexif.spec
index 80ce249..607c512 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -8,6 +8,8 @@ URL: http://libexif.sourceforge.net/
 Source0: http://umn.dl.sourceforge.net/sourceforge/libexif/%{name}-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 
+Patch0: libexif-0.5.12-buffer-overflow.patch 
+
 %description
 Most digital cameras produce EXIF files, which are JPEG files with
 extra tags that contain information about the image. The EXIF library
@@ -25,6 +27,8 @@ for writing programs that use libexif.
 %prep
 %setup -q
 
+%patch0 -p1 -b .buffer-overflow
+
 %build
 %configure
 make %{?_smp_mflags}
@@ -55,6 +59,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Tue Mar  8 2005 Marco Pesenti Gritti <mpg@redhat.com>
+- Add libexif-0.5.12-buffer-overflow.patch 
+
 * Wed Mar  2 2005 Matthias Clasen <mclasen@redhat.com> 
 - Rebuild with gcc4