Rephrase code to avoid overflow Code was checking for overflow, but by way of doing the overflowing calculations. changed from 32-bit to 64-bit calculations to avoid the overflow. Bug: 145075076 Test: compilation, to be re-fuzzed Change-Id: Ic14ce8f22b177802c5166c0bab362b12f25ca353 (cherry picked from commit 1c6217859ed2ad0b27df4b73c1dcdcda5aebe3d5)

commit: f6c54954cbfc25eb73d2d2902f0597c0220174a4 [log] [tgz]
author: Ray Essick <[email protected]> Mon Dec 16 12:45:36 2019 -0800
committer: Ray Essick <[email protected]> Tue Feb 04 19:35:01 2020 +0000
tree: f08042e72f4b50662ab7bdaf8f4b868f7428093e
parent: 1a6756b78ad1c7fca57cb8521081fc01181e8f83 [diff]
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index adfb512..eb5d49c 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c

@@ -312,7 +312,10 @@
 			       unsigned int ds, ExifLong o, ExifLong s)
 {
 	/* Sanity checks */
-	if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) {
+	uint64_t o64 = (uint64_t) o;
+	uint64_t s64 = (uint64_t) s;
+	uint64_t ds64 = (uint64_t) ds;
+	if ((o64 + s64) > ds64) {
 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
 			  "Bogus thumbnail offset (%u) or size (%u).",
 			  o, s);
commit	f6c54954cbfc25eb73d2d2902f0597c0220174a4	[log] [tgz]
author	Ray Essick <[email protected]>	Mon Dec 16 12:45:36 2019 -0800
committer	Ray Essick <[email protected]>	Tue Feb 04 19:35:01 2020 +0000
tree	f08042e72f4b50662ab7bdaf8f4b868f7428093e
parent	1a6756b78ad1c7fca57cb8521081fc01181e8f83 [diff]