From 8388223deb74ebbc3b7bea4d0aba834e4dc655ce Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Mon, 19 Apr 2021 16:28:51 +0100
Subject: [PATCH] Check that the string is properly terminated.
---
 src/bmffimage.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/bmffimage.cpp b/src/bmffimage.cpp
index 783da6f7..845aadb3 100644
--- a/src/bmffimage.cpp
+++ b/src/bmffimage.cpp
@@ -287,7 +287,11 @@ namespace Exiv2
 skip += 2;
 /* getShort(data.pData_+skip,endian_) ; */ skip += 2; // protection
 std::string id;
- std::string name((const char*)data.pData_ + skip);
+ // Check that the string has a '\0' terminator.
+ const char* str = (const char*)data.pData_ + skip;
+ const size_t maxlen = static_cast(data.size_ - skip);
+ enforce(strnlen(str, maxlen) < maxlen, Exiv2::kerCorruptedMetadata);
+ std::string name(str);
 if ( !name.find("Exif") ) { // "Exif" or "ExifExif"
 exifID_ = ID;
 id=" *** Exif ***";
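Review bot: The bound passed to strnlen is `data.size_ - skip`, and nothing in the hunk checks that `skip` is still inside the buffer before that subtraction. If a truncated box leaves `data.size_` smaller than `skip` (both are declared outside the hunk, so this is inferred), the difference is negative, the cast to an unsigned length makes `maxlen` enormous, and strnlen then scans past the allocation just as the old `std::string` constructor did. A guard ahead of the pointer arithmetic, such as `enforce(skip <= data.size_, Exiv2::kerCorruptedMetadata);`, would close that case, unless an earlier check in the enclosing function, which starts and ends outside the hunk, already guarantees it.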