From 1e0e02eaac8480fd985cb2f9267e433d8c16441c Mon Sep 17 00:00:00 2001
From: lookup69
Date: Wed, 20 Nov 2013 15:40:11 +0800
Subject: [PATCH] fixed: Incorrect length calculation for keywords from IPTC tags in which could result in a buffer overflow.
---
 lib/libexif/IptcParse.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/libexif/IptcParse.cpp b/lib/libexif/IptcParse.cpp
index 1fc7dfb4a92a6..a0bba1632e013 100644
--- a/lib/libexif/IptcParse.cpp
+++ b/lib/libexif/IptcParse.cpp
@@ -201,8 +201,10 @@ bool CIptcParse::Process (const unsigned char* const Data, const unsigned short
 // there may be multiple keywords - lets join them
 size_t maxLen = MAX_IPTC_STRING - strlen(tag);
 if (maxLen > 2)
+ {
 strcat(tag, ", ");
- strncat(tag, pos, min(length, MAX_IPTC_STRING - maxLen - 3));
+ strncat(tag, pos, min(length, maxLen - 3));
+ }
 }
 /* if (id == SLIDE_IPTC_CAPTION)
 {
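Review bot: The guard `if (maxLen > 2)` still admits `maxLen == 3`, where the separator is appended but `maxLen - 3` is zero, so the tag ends in a dangling `, ` with no keyword; tightening it to `if (maxLen > 3)` appends the separator only when at least one keyword byte fits. The arithmetic also deserves a comment such as `// maxLen - 3: two bytes for ", " plus one for the terminating NUL`, since the previous expression got exactly this budget wrong. The bound assumes that `tag` is a buffer of `MAX_IPTC_STRING` bytes and that `length` does not exceed the bytes remaining in `Data`; neither is visible here, because the body of `CIptcParse::Process` starts and ends outside the hunk, so both are worth confirming before relying on this fix.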