jhead
Invalid memory read in process_EXIF()/Get16u()
Running jhead 3.06.0.1 on the attached repro case under valgrind results in
```
==3535479== Memcheck, a memory error detector
==3535479== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3535479== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
[...] (some error messages from jhead removed for brevity)
==3535479== Conditional jump or move depends on uninitialised value(s)
==3535479==    at 0x11197F: process_EXIF (exif.c:1042)
==3535479==    by 0x10EDBF: ReadJpegSections.part.0 (jpgfile.c:289)
==3535479==    by 0x10EFE8: ReadJpegSections (jpgfile.c:125)
==3535479==    by 0x10EFE8: ReadJpegFile (jpgfile.c:381)
==3535479==    by 0x10CC16: ProcessFile (jhead.c:914)
==3535479==    by 0x10B6DB: main (jhead.c:1770)
```
The problem still exists in current master.
The problem is that process_EXIF() expects that length >= 16 but does not check that at all (here it is 10). There is a check a couple of lines later (executed only under certain conditions), but IMHO this should be checked much sooner (before the EXIF header component check).
Original Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968961
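As an added illustration of the missing bound described in this report (example code written for this page, not jhead's own exif.c): a model of the fixed 16-byte Exif header parse in its unchecked form beside one that rejects short sections before comparing any header byte. The section layout is the standard APP1/Exif one; the function names, return codes and the `exif_head_t` struct are assumptions for the example, and the 10-byte and 18-byte sections are constructed inputs, not the attached repro file. The demo plants a plausible TIFF tail in the memory after the 10-byte section to show that the unchecked parse's result depends on bytes it does not own, which is what valgrind flags above as a conditional jump on uninitialised data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of an APP1/Exif section as handed to the parser (offsets from the
 * start of the section, including the 2-byte JPEG segment length):
 *   0..1   segment length    2..7   "Exif\0\0"     8..9  "II" or "MM"
 *   10..11 TIFF magic 0x2a   12..15 offset of IFD0 relative to byte 8
 * The fixed header alone therefore needs 16 bytes. */

typedef struct {
    int      motorola_order;  /* 1 = "MM" (big-endian), 0 = "II" (little-endian) */
    uint32_t first_ifd;       /* IFD0 offset, relative to the TIFF header at byte 8 */
} exif_head_t;

enum {
    EXIF_OK = 0, EXIF_TOO_SHORT = -1, EXIF_BAD_HEADER = -2,
    EXIF_BAD_ORDER = -3, EXIF_BAD_MAGIC = -4, EXIF_BAD_OFFSET = -5
};

static uint16_t get16u(const uint8_t *p, int motorola)
{
    return motorola ? (uint16_t)((p[0] << 8) | p[1]) : (uint16_t)((p[1] << 8) | p[0]);
}

static uint32_t get32u(const uint8_t *p, int motorola)
{
    return motorola
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Vulnerable pattern (hypothetical, modelled on the report): trusts that all 16
 * header bytes exist. For a 10-byte section the 0x2a compare at +10 and the
 * offset read at +12 touch bytes outside the section. */
int parse_head_unchecked(const uint8_t *sec, exif_head_t *out)
{
    if (memcmp(sec + 2, "Exif\0\0", 6) != 0) return EXIF_BAD_HEADER;
    if (memcmp(sec + 8, "II", 2) == 0)      out->motorola_order = 0;
    else if (memcmp(sec + 8, "MM", 2) == 0) out->motorola_order = 1;
    else return EXIF_BAD_ORDER;
    if (get16u(sec + 10, out->motorola_order) != 0x2a) return EXIF_BAD_MAGIC;
    out->first_ifd = get32u(sec + 12, out->motorola_order);
    return EXIF_OK;
}

/* Hardened form: bound the length before the header component check, then keep
 * IFD0 (its offset plus the 2-byte entry count) inside the section. */
int parse_head_checked(const uint8_t *sec, size_t len, exif_head_t *out)
{
    if (len < 16) return EXIF_TOO_SHORT;              /* the check the report asks for */
    int rc = parse_head_unchecked(sec, out);          /* safe now: 16 bytes are present */
    if (rc != EXIF_OK) return rc;
    if (out->first_ifd < 8 || out->first_ifd > len - 8 - 2) return EXIF_BAD_OFFSET;
    return EXIF_OK;
}

/* Constructed 10-byte section in the spirit of the report: length word 0x000a,
 * "Exif\0\0", "II", and nothing after the byte-order mark. */
static const uint8_t short_section[10] = { 0x00,0x0a, 'E','x','i','f',0,0, 'I','I' };

/* Constructed well-formed 18-byte section: 16-byte header ("MM", IFD0 at 8)
 * followed by a zero IFD entry count. */
static const uint8_t good_section[18] = {
    0x00,0x12, 'E','x','i','f',0,0, 'M','M', 0x00,0x2a, 0,0,0,8, 0,0 };

/* Copy the short section into a larger arena whose remaining bytes stand in for
 * whatever follows the section in memory, and plant a plausible TIFF tail there.
 * The unchecked parser accepts the section on the strength of bytes it does not
 * own; the checked parser refuses it before looking at any of them. */
int demo_unchecked(exif_head_t *out)
{
    uint8_t arena[32];
    memset(arena, 0xAA, sizeof arena);
    memcpy(arena, short_section, sizeof short_section);
    arena[10] = 0x2a; arena[11] = 0x00;                        /* "II" 0x002a */
    arena[12] = 0x08; arena[13] = arena[14] = arena[15] = 0x00; /* IFD0 at offset 8 */
    return parse_head_unchecked(arena, out);
}

int demo_checked_short(exif_head_t *out)
{
    return parse_head_checked(short_section, sizeof short_section, out);
}

int demo_checked_good(exif_head_t *out)
{
    return parse_head_checked(good_section, sizeof good_section, out);
}

int main(void)
{
    exif_head_t h;
    int rc = demo_unchecked(&h);
    printf("unchecked, 10-byte section: rc=%d first_ifd=%u\n", rc, h.first_ifd);
    rc = demo_checked_short(&h);
    printf("checked,   10-byte section: rc=%d\n", rc);
    rc = demo_checked_good(&h);
    printf("checked,   18-byte section: rc=%d first_ifd=%u\n", rc, h.first_ifd);
    return 0;
}
```

The point of the arena in `demo_unchecked` is that nothing in the 10-byte section itself decides the outcome: change the planted bytes and the same input is rejected with a different error, which is exactly the data-dependent control flow Memcheck reports. Putting `len < 16` first, as the report suggests, makes the outcome a function of the section alone.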