From 09fd874c9932b3e7550ae81f5d931fa4fef38858 Mon Sep 17 00:00:00 2001
From: Abhinav Badola <mail.abu.to@gmail.com>
Date: Thu, 19 Jun 2014 20:28:44 +0000
Subject: [PATCH] #960: Added a Buffer Overflow Fix in INFO tags of
 RIFFVIDEO.CPP

---
 src/riffvideo.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/riffvideo.cpp b/src/riffvideo.cpp
index 4545bc36..0dcd291c 100644
--- a/src/riffvideo.cpp
+++ b/src/riffvideo.cpp
@@ -856,7 +856,7 @@ namespace Exiv2 {
 
     void RiffVideo::infoTagsHandler()
     {
-        const long bufMinSize = 100;
+        const long bufMinSize = 10000;
         DataBuf buf(bufMinSize);
         buf.pData_[4] = '\0';
         io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@ namespace Exiv2 {
             if(infoSize >= 0) {
                 size -= infoSize;
                 io_->read(buf.pData_, infoSize);
+                if(infoSize < 4)
+                    buf.pData_[infoSize] = '\0';
             }
 
             if(tv)
                 xmpData_[exvGettext(tv->label_)] = buf.pData_;
+            else
+                continue;
         }
         io_->seek(cur_pos + size_external, BasicIo::beg);
     } // RiffVideo::infoTagsHandler