From 946f72fd9e7129453b7f14aeeffecafc9a2e3183 Mon Sep 17 00:00:00 2001
From: Ozgur Ozcitak <ozcitak@yahoo.com>
Date: Thu, 3 May 2018 13:42:00 +0300
Subject: [PATCH] Check that ifd offsets donot go beyond header. Fixes #54

---
 ExifLibrary/JPEGFile.cs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ExifLibrary/JPEGFile.cs b/ExifLibrary/JPEGFile.cs
index d83ba9b..8c85a10 100644
--- a/ExifLibrary/JPEGFile.cs
+++ b/ExifLibrary/JPEGFile.cs
@@ -614,9 +614,13 @@ private void ReadExifAPP1()
                 }
 
                 // 1st IFD pointer
-                int firstifdpointer = (int)conv.ToUInt32(header, ifdoffset + 2 + 12 * fieldcount);
-                if (firstifdpointer != 0)
-                    ifdqueue.Add(firstifdpointer, IFD.First);
+                int firstifdoffset = ifdoffset + 2 + 12 * fieldcount;
+                if (firstifdoffset + 4 <= header.Length)
+                {
+                    int firstifdpointer = (int)conv.ToUInt32(header, firstifdoffset);
+                    if (firstifdpointer != 0 && firstifdpointer + 2 <= header.Length)
+                        ifdqueue.Add(firstifdpointer, IFD.First);
+                }
                 // Read thumbnail
                 if (thumboffset != -1 && thumblength != 0 && Thumbnail == null)
                 {