From caf08b229e521a27c0295fb48985b4fa5b483a6e Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Tue, 13 Jul 2021 22:50:16 +0100
Subject: [PATCH] dirLength == 0 can cause an infinite loop.
---
 src/image.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/image.cpp b/src/image.cpp
index bc80549e..0fdc4e41 100644
--- a/src/image.cpp
+++ b/src/image.cpp
@@ -334,6 +334,8 @@ namespace Exiv2 {
 throw Error(kerCorruptedMetadata);
 }
 uint16_t dirLength = byteSwap2(dir,0,bSwap);
+ // Prevent infinite loops. (GHSA-m479-7frc-gqqg)
+ enforce(dirLength > 0, kerCorruptedMetadata);
 if ( dirLength > 500 ) // tooBig
 throw Error(kerTiffDirectoryTooLarge);
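Review bot: The new `enforce(dirLength > 0, kerCorruptedMetadata);` guard arrives without a regression test. The diffstat lists only src/image.cpp, so nothing pins the zero-entry-count case against a later refactor of this parser, unless a test lands in a separate commit not shown here. A test that feeds a directory whose count field is zero and expects `kerCorruptedMetadata` would cover it. The comment cites the advisory but not why a zero count fails to terminate; because the loop is outside this hunk, one sentence naming that mechanism would save readers the lookup. For consistency the adjacent size check could use the same helper, `enforce(dirLength <= 500, kerTiffDirectoryTooLarge);`, so both bounds on `dirLength` read as one validation step. The enclosing function begins and ends outside the hunk.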