From 012c544704e6edab0a7a08ad00fb6aa16b4eb6f8 Mon Sep 17 00:00:00 2001
From: Robin Mills <robin@clanmills.com>
Date: Thu, 16 Feb 2017 18:23:40 +0000
Subject: [PATCH] #1268 Fix submitted.  Ben and Robin both discovered and fixed
 this independantly with the same fix!

---
 src/image.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/image.cpp b/src/image.cpp
index cc0d3403..f6a82130 100644
--- a/src/image.cpp
+++ b/src/image.cpp
@@ -398,7 +398,7 @@ namespace Exiv2 {
                 }
 
                 // if ( offset > io.size() ) offset = 0; // Denial of service?
-                DataBuf  buf(size*count + pad);  // allocate a buffer
+                DataBuf  buf(size*count + pad+20);  // allocate a buffer
                 std::memcpy(buf.pData_,dir.pData_+8,4);  // copy dir[8:11] into buffer (short strings)
                 if ( count*size > 4 ) {            // read into buffer
                     size_t   restore = io.tell();  // save