diff --git a/src/preview.cpp b/src/preview.cpp index 69f8e01..d20de04 100644 --- a/src/preview.cpp +++ b/src/preview.cpp @@ -37,6 +37,7 @@ EXIV2_RCSID("@(#) $Id$") #include "preview.hpp" #include "futils.hpp" #include "enforce.hpp" +#include "safe_op.hpp" #include "image.hpp" #include "cr2image.hpp" @@ -386,7 +387,7 @@ namespace { return AutoPtr(); if (loaderList_[id].imageMimeType_ && - std::string(loaderList_[id].imageMimeType_) != std::string(image.mimeType())) + std::string(loaderList_[id].imageMimeType_) != image.mimeType()) return AutoPtr(); AutoPtr loader = loaderList_[id].create_(id, image, loaderList_[id].parIdx_); @@ -548,7 +549,8 @@ namespace { } } - if (offset_ + size_ > static_cast(image_.io().size())) return; + if (Safe::add(offset_, size_) > static_cast(image_.io().size())) + return; valid_ = true; } @@ -802,7 +804,7 @@ namespace { // this saves one copying of the buffer uint32_t offset = dataValue.toLong(0); uint32_t size = sizes.toLong(0); - if (offset + size <= static_cast(io.size())) + if (Safe::add(offset, size) <= static_cast(io.size())) dataValue.setDataArea(base + offset, size); } else { @@ -812,8 +814,8 @@ namespace { for (int i = 0; i < sizes.count(); i++) { uint32_t offset = dataValue.toLong(i); uint32_t size = sizes.toLong(i); - enforce(idxBuf + size < size_, kerCorruptedMetadata); - if (size!=0 && offset + size <= static_cast(io.size())) + enforce(Safe::add(idxBuf, size) < size_, kerCorruptedMetadata); + if (size!=0 && Safe::add(offset, size) <= static_cast(io.size())) memcpy(&buf.pData_[idxBuf], base + offset, size); idxBuf += size; } @@ -930,7 +932,7 @@ namespace { DataBuf decodeBase64(const std::string& src) { - const unsigned long srcSize = static_cast(src.size()); + const unsigned long srcSize = src.size(); // create decoding table unsigned long invalid = 64;