Description: fix some issues found by Henri Sarlo, using AFL (American
             Fuzzy Lop). Closes: #779525, #779527.
Author: Hubert Figuière <hub@figuiere.net>
Last-Update: 2015-03-04
Index: exifprobe-2.0.1/interpret.c
===================================================================
--- exifprobe-2.0.1.orig/interpret.c
+++ exifprobe-2.0.1/interpret.c
@@ -75,7 +75,10 @@ interpret_value(struct ifd_entry *entry_
             print_compression(entry_ptr->value);
             break;
         case TIFFTAG_PhotometricInterpretation:
-            print_photometric(entry_ptr->value,summary_entry->fileformat);
+            if (summary_entry)
+            {
+                print_photometric(entry_ptr->value,summary_entry->fileformat);
+            }
             break;
         case TIFFTAG_Orientation:
             print_orientation(entry_ptr->value);
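Review bot: The new `if (summary_entry)` guard in the TIFFTAG_PhotometricInterpretation case carries no comment saying when `summary_entry` can be NULL, and on that path the tag's value is silently left uninterpreted. I would put `/* summary_entry can be NULL (seen with fuzzed input); fileformat is unknown then, so skip the format-dependent name */` above the guard. The body of interpret_value continues outside this hunk, so whether other cases dereference `summary_entry` without the same check cannot be seen here and is worth auditing.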
Index: exifprobe-2.0.1/misc.c
===================================================================
--- exifprobe-2.0.1.orig/misc.c
+++ exifprobe-2.0.1/misc.c
@@ -303,10 +303,19 @@ scan_summary(struct image_summary *summa
         if(summary_entry->bps[0] && summary_entry->spp)
         {
             int i;
+            int spp = summary_entry->spp;
             float total_bits,bytes_per_pixel;
 
             total_bits = 0;
-            for(i = 0; i < summary_entry->spp; ++i)
+            if (spp > MAXSAMPLE)
+            {
+                spp = MAXSAMPLE;
+                if(Debug & 0x4)
+                {
+                    printf("CLAMPING spp\n");
+                }
+            }
+            for(i = 0; i < spp; ++i)
                 total_bits += summary_entry->bps[i];
             bytes_per_pixel = total_bits / 8.0;
             if(Debug & 0x4)
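Review bot: The clamp only bounds the local copy `spp`, so `summary_entry->spp` keeps the oversized value taken from the file. Any other code that walks `bps[]` up to `summary_entry->spp` is not protected by this change. If `bps[]` really holds MAXSAMPLE entries (implied by the clamp, its declaration is not visible here), bounding the field once at the point where it is stored would cover every reader. The debug line would also be more useful if it reported the rejected value, e.g. `printf("CLAMPING spp %d to %d\n",(int)summary_entry->spp,MAXSAMPLE);`. scan_summary continues outside the hunk.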
Index: exifprobe-2.0.1/process.c
===================================================================
--- exifprobe-2.0.1.orig/process.c
+++ exifprobe-2.0.1/process.c
@@ -687,12 +687,16 @@ process_tiff_ifd(FILE *inptr,unsigned sh
                     case EXIFTAG_Interoperability: 
                         /* This doesn't belong in a TIFF IFD, but     */
                         /* be prepared.                               */
+                        /* Also we make sure we are not calling on    */
+                        /* the same ifd offset                        */
                         PUSHCOLOR(INTEROP_COLOR);
-                        value_offset = process_tiff_ifd(inptr,byteorder,
+                        if (entry_ptr->value != ifd_offset) {
+                            value_offset = process_tiff_ifd(inptr,byteorder,
                                                 entry_ptr->value,fileoffset_base,
                                                 next_ifd_offset,summary_entry,
                                                 listname,INTEROP_IFD,ifdnum,0,
                                                 indent);
+                        }
                         value_offset = 0;
                         POPCOLOR();
                         break;
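Review bot: The `entry_ptr->value != ifd_offset` test only stops an Interoperability entry that points at its own IFD. An offset chain that comes back to this IFD through one or more intermediate IFDs still recurses without a bound. A nesting-depth limit, or a record of offsets already visited, checked at the top of process_tiff_ifd would cover both the direct and the indirect case. The other sub-IFD cases of this switch lie outside the hunk and presumably need the same protection. As a style point, the added `if (...) {` puts the brace on the same line, while the other hunks of this patch put it on its own line.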
