From 60144df5570bb6cfcf8f5d395c874a7c00c41fe4 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Fri, 27 Aug 2021 16:56:45 +0100
Subject: [PATCH] Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37492

Throw an error if the size of the preview is greater than 1MB.
---
 src/tiffvisitor_int.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/tiffvisitor_int.cpp b/src/tiffvisitor_int.cpp
index 854f3369..d2b655a6 100644
--- a/src/tiffvisitor_int.cpp
+++ b/src/tiffvisitor_int.cpp
@@ -1598,6 +1598,9 @@ namespace Exiv2 {
 if ( !isize ) {
 v->read(pData, size, byteOrder());
 } else {
+ // Prevent large memory allocations: https://github.com/Exiv2/exiv2/issues/1881
+ enforce(isize <= 1024 * 1024, kerCorruptedMetadata);
+
 // #1143 Write a "hollow" buffer for the preview image
 // Sadly: we don't know the exact location of the image in the source (it's near offset)
 // And neither TiffReader nor TiffEntryBase have access to the BasicIo object being processed
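Review bot: The new `enforce(isize <= 1024 * 1024, kerCorruptedMetadata);` hard-codes a 1 MiB ceiling with no record of how the figure was chosen, and since it throws, a file whose embedded preview is legitimately larger than that (plausible for high-resolution camera previews, though this hunk cannot confirm it) would now fail to load entirely instead of merely losing its preview. The surrounding comment says neither TiffReader nor TiffEntryBase can reach the BasicIo, so bounding `isize` by the remaining input length is not available here; the cap is therefore a heuristic against a forged `isize` driving the "hollow" buffer allocation, and it should be named and explained rather than left as a magic number: `constexpr auto kMaxPreviewSize = 1024 * 1024; // cap for the "hollow" preview buffer; a larger isize is treated as forged metadata (#1881)` followed by `enforce(isize <= kMaxPreviewSize, kerCorruptedMetadata);`. That comment should also state that rejecting the whole file, rather than skipping the preview, is the intended failure mode, so a later reader does not mistake it for an accidental tightening. The enclosing function starts and ends outside the hunk.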