Fix a last-minute bug in the checking of the EXIF byte-order header
The check should fail if the EXIF byte-order header doesn't start with
a correct character, or if the two heading characters aren't identical.
Rewrite the check to make the code logic easier to follow.
diff --git a/pngrutil.c b/pngrutil.c
index 3c7e0e6..ca060dd 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -2075,14 +2075,17 @@
png_byte buf[1];
png_crc_read(png_ptr, buf, 1);
info_ptr->eXIf_buf[i] = buf[0];
- if (i == 1 && buf[0] != 'M' && buf[0] != 'I'
- && info_ptr->eXIf_buf[0] != buf[0])
+ if (i == 1)
{
- png_crc_finish(png_ptr, length-i-1);
- png_chunk_benign_error(png_ptr, "incorrect byte-order specifier");
- png_free(png_ptr, info_ptr->eXIf_buf);
- info_ptr->eXIf_buf = NULL;
- return;
+ if ((buf[0] != 'M' && buf[0] != 'I') ||
+ (info_ptr->eXIf_buf[0] != buf[0]))
+ {
+ png_crc_finish(png_ptr, length - 2);
+ png_chunk_benign_error(png_ptr, "incorrect byte-order specifier");
+ png_free(png_ptr, info_ptr->eXIf_buf);
+ info_ptr->eXIf_buf = NULL;
+ return;
+ }
}
}