fpexif: Fix some range check errors. Patch by forum user Mirkasp (https://forum.lazarus.freepascal.org/index.php/topic,60105.msg448827).

git-svn-id: https://svn.code.sf.net/p/lazarus-ccr/svn@8366 8e941d3f-bd1b-0410-a28a-d453659cc2b4

components/fpexif/fpemetadata.pas

@@ -544,7 +544,11 @@ begin
     repeat
       marker := ReadByte(AStream);
     until marker <> $FF;
-    size := BEtoN(ReadWord(AStream)) - 2;
+    size := BEToN(ReadWord(AStream));
+    if size < 2 then
+      Continue;
+    size := size - 2;
+//    size := BEtoN(ReadWord(AStream)) - 2;
     p := AStream.Position;
     case marker of
       M_EXIF:

components/fpexif/fpeutils.pas

@@ -111,7 +111,7 @@ procedure JPEGScaleImage(ASrcStream, ADestStream: TStream;
   ADestSize: Integer = DEFAULT_THUMBNAIL_SIZE);
 
 // Buffer utils
-function PosInBytes(AText: ansistring; ABuffer: TBytes): Integer;
+function PosInBytes(const AText: ansistring; const ABuffer: TBytes): Integer;
 
 // Date/time utils
 function LocalTimeZoneStr: String;
@@ -1353,9 +1353,23 @@ end;
 //                          Buffer utilities
 //==============================================================================
 
+function PosInBytes(const AText: AnsiString; const ABuffer: TBytes): Integer;
+var 
+  len: Integer;
+begin
+  len := Length(AText);
+  if (len > 0) and Assigned(ABuffer) then begin
+    for Result := Low(ABuffer) to High(ABuffer) - len + 1 do
+      if {%H-}CompareMem(@ABuffer[Result], Pointer(AText), len) then
+        exit;
+  end;
+  Result := -1;
+end;
+
+(*
 function PosInBytes(AText: AnsiString; ABuffer: TBytes): Integer;
 var
-  i, j: Integer;
+  i, j, len: Integer;
   found: Boolean;
 begin
   if (AText = '') or (ABuffer = nil) then begin
@@ -1363,10 +1377,11 @@ begin
     exit;
   end;
 
-  for i:= 0 to High(ABuffer) do
+  len := Length(AText);
+  for i:= 0 to High(ABuffer) - len + 1 do
     if ABuffer[i] = ord(AText[1]) then begin
       found := true;
-      for j := 2 to Length(AText) do
+      for j := 2 to len do
         if ABuffer[i+j-1] <> ord(AText[j]) then begin
           found := false;
           break;
@@ -1379,7 +1394,7 @@ begin
 
   Result := -1;
 end;
-
+*)
 
 //==============================================================================
 //                             Date/time utilities