Buffer overflow extracting the thumbnail of certain RAW photos - Fixes #3

[diegocr]

Ideally the DNG parser should be fixed, but meanwhile and as a safety measure we shall ensure such buffer overflow does not happens in general...

[dlemstra]

Found this PR way to late but can you explain after almost 3 years why this fixes an overflow?

[diegocr]

Better later than never, but this will be a good memory exercise indeed.

I think you mean besides what was described in #3 ? there you can find the details, although i am failing to remember how this was fixing the overflow exactly.

[dlemstra]

It looks like this check } else if ((status = !((int)thumb_length > 0x7f)) { (maybe better written as } else if ((status = ((int)thumb_length < 128)) {) is making sure we have at least 127 bytes ? But I don't understand why the number 127 was picked and why we even need this?

[diegocr]

It will be a matter of re-testing the pointed DNG file, perhaps the embedded thumbnail was truncated and a size offset resulting on allocating more memory than the file itself, or something of the like (?)