$OpenBSD: patch-libexif_exif-loader_c,v 1.1 2008/11/05 13:11:14 jasper Exp $

Fix for CVE-2007-6352: denial of service caused by infinite recursion.

--- libexif/exif-loader.c.orig	Wed Nov  5 13:56:14 2008
+++ libexif/exif-loader.c	Wed Nov  5 13:59:38 2008
@@ -176,6 +176,8 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf
 		break;
 	}
 
+	if (!len)
+		return 1;
 	exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
 		  "Scanning %i byte(s) of data...", len);
 
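Review bot: The added `if (!len) return 1;` guard has no comment, so a later reader cannot tell why an empty buffer is accepted here rather than rejected. Going by the patch description, it is what stops the function from re-entering itself with nothing left to consume. It presumably sits after the state switch because that switch can reduce `len` to zero, but neither the switch body nor the recursive call is visible in this hunk. I would add `/* Nothing left to scan: stop here so a zero-length tail cannot recurse forever (CVE-2007-6352). */` above the guard, and document what the return value 1 tells the caller.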
@@ -263,7 +265,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf
 		default:
 			switch (eld->b[i]) {
 			case JPEG_MARKER_APP1:
-				if (!memcmp (eld->b + i + 3, ExifHeader, MIN(sizeof (ExifHeader), MAX(0, sizeof (eld->b) - i - 3)))) {
+			  if (!memcmp (eld->b + i + 3, ExifHeader, MIN((ssize_t)(sizeof(ExifHeader)), MAX(0, ((ssize_t)(sizeof(eld->b))) - ((ssize_t)i) - 3)))) {
 					eld->data_format = EL_DATA_FORMAT_EXIF;
 				} else {
 					eld->data_format = EL_DATA_FORMAT_JPEG; /* Probably JFIF - keep searching for APP1 EXIF*/
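Review bot: The clamped length in the new `memcmp` call can be zero or shorter than `ExifHeader`, and `memcmp` returns 0 for a zero length, so the `JPEG_MARKER_APP1` branch can set `EL_DATA_FORMAT_EXIF` without comparing the full header. The casts stop the unsigned wrap-around, but `eld->b + i + 3` is still formed before any bounds check and may point past the buffer when `i` is near its end (the size of `eld->b` and the range of `i` are outside this hunk). Requiring the whole header to fit would be clearer: `if (i + 3 + sizeof (ExifHeader) <= sizeof (eld->b) && !memcmp (eld->b + i + 3, ExifHeader, sizeof (ExifHeader))) {`. If a prefix match is intentional, at least reject a length of zero and say so in a comment.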
