Stack corruption in GetEXIFProperty function
Posted: 2009-05-13T06:37:44-07:00
Visual studio memory guard complained about corruption of the stack near variable 'buffer'
I had a closer look a the code and figured out it was right:
the macros EXIFMultipleValues and EXIFMultipleFractions do write on index -2 under some cirumstances:
if components is somehow 0, in line 743 buffer[-2] gets overwritten (the same is in line 762)
greets!
I had a closer look a the code and figured out it was right:
the macros EXIFMultipleValues and EXIFMultipleFractions do write on index -2 under some cirumstances:
Code: Select all
property.c
728 #define EXIFMultipleValues(size, format, arg) \
729 { \
730 long component; \
731 size_t used_space; \
732 unsigned char *p1; \
733 used_space=0; \
734 p1=p; \
735 for (component = 0; component < components; component++) \
736 { \
737 used_space+=FormatMagickString(buffer+used_space, \
738 MaxTextExtent-used_space,format", ",arg); \
739 if (used_space >= MaxTextExtent - 1) \
740 used_space=MaxTextExtent-1; \
741 p1+=size; \
742 } \
743 buffer[used_space-2]='\0'; \
744 value=AcquireString(buffer); \
745 }greets!