From f6b17d2a4d55af8b2adc7edbe7a2e44e65d3712b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?=
Date: Sun, 27 Feb 2022 10:40:27 +0100
Subject: [PATCH] Fix issues found by fuzzer
---
 src/helper_functions.cpp | 4 +++-
 src/jpgimage.cpp | 3 +--
 src/pngchunk_int.cpp | 4 ++--
 src/tiffvisitor_int.cpp | 2 +-
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/helper_functions.cpp b/src/helper_functions.cpp
index e01a8bf2..074524b3 100644
--- a/src/helper_functions.cpp
+++ b/src/helper_functions.cpp
@@ -23,7 +23,9 @@
 std::string string_from_unterminated(const char* data, size_t data_length)
 {
+ if (data_length == 0) {
+ return {};
+ }
 const size_t StringLength = strnlen(data, data_length);
-
 return std::string(data, StringLength);
 }
diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
index 16239c41..202fc005 100644
--- a/src/jpgimage.cpp
+++ b/src/jpgimage.cpp
@@ -621,8 +621,7 @@ namespace Exiv2 {
 assert(markerHasLength(marker));
 assert(size >= 2); // Because this marker has a length field.
 // http://www.adobe.com/content/dam/Adobe/en/devnet/xmp/pdfs/XMPSpecificationPart3.pdf p75
- const std::string signature =
- string_from_unterminated(buf.c_str(2), size - 2);
+ const std::string signature = string_from_unterminated(buf.c_str(2), size - 2);
 // 728 rmills@rmillsmbp:~/gnu/exiv2/ttt $ exiv2 -pS test/data/exiv2-bug922.jpg
 // STRUCTURE OF JPEG FILE: test/data/exiv2-bug922.jpg
diff --git a/src/pngchunk_int.cpp b/src/pngchunk_int.cpp
index ea787960..e31d5ce6 100644
--- a/src/pngchunk_int.cpp
+++ b/src/pngchunk_int.cpp
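Review bot: The new guard in string_from_unterminated only covers `data_length == 0`; a null `data` with a non-zero length still reaches `strnlen` unchecked, so the early return should read `if (data == nullptr || data_length == 0) { return {}; }`. The visible caller in jpgimage.cpp derives the length as `size - 2` under `assert(size >= 2)`, which is compiled out under NDEBUG, so in a release build a `size` below 2 would presumably arrive here as a wrapped, huge length rather than as 0 — the zero-length check does not close that path, and the caller needs a bounds check that survives release builds (the `enforce` used elsewhere in this commit fits). A contract comment on the function would also help, e.g. `// Copies at most data_length bytes of data, stopping at the first NUL; a zero-length input yields an empty string.`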
@@ -147,7 +147,7 @@ namespace Exiv2
 arr = DataBuf(text, textsize);
 } else if (type == iTXt_Chunk) {
- enforce(data.size() >= Safe::add(keysize, static_cast(3)), Exiv2::kerCorruptedMetadata);
+ enforce(data.size() > Safe::add(keysize, static_cast(3)), Exiv2::kerCorruptedMetadata);
 const size_t nullCount = std::count(data.c_data(keysize + 3), data.c_data(data.size()-1), '\0');
 enforce(nullCount >= nullSeparators, Exiv2::kerCorruptedMetadata);
@@ -524,7 +524,7 @@ namespace Exiv2
 DataBuf PngChunk::readRawProfile(const DataBuf& text, bool iTXt)
 {
- if (text.empty()) {
+ if (text.size() <= 1) {
 return DataBuf();
 }
diff --git a/src/tiffvisitor_int.cpp b/src/tiffvisitor_int.cpp
index f4d4a7d5..07f6889f 100644
--- a/src/tiffvisitor_int.cpp
+++ b/src/tiffvisitor_int.cpp
@@ -999,7 +999,7 @@ namespace Exiv2 {
 uint32_t sizeTotal = 0;
 object->strips_.clear();
 for (size_t i = 0; i < pos->count(); ++i) {
- uint32_t len = pos->toUint32(i);
+ uint32_t len = pos->toUint32(static_cast(i));
 object->strips_.emplace_back(zero, len);
 sizeTotal += len;
 }
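Review bot: The change from `>=` to strict `>` in the iTXt `enforce` deserves a why-comment, because the reason is not visible on the line itself: with `data.size() == keysize + 3` the old check let `data.c_data(keysize + 3)` address the end of the buffer (or throw, depending on how `c_data` range-checks) while the `std::count` end `data.c_data(data.size()-1)` lay before it, an inverted range. Suggested: `// strictly greater: c_data(keysize + 3) must be a real byte and must not lie past c_data(size - 1), the end of the std::count range below`. The `static_cast(3)` shown here has lost its template argument in rendering, presumably `static_cast<size_t>(3)` given that `Safe::add` takes matching types — worth confirming against the source. The enclosing function starts and ends outside the hunk.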
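Review bot: `text.size() <= 1` in readRawProfile replaces a self-explaining `empty()` check with a magic bound and no comment saying why a one-byte profile is rejected; a reader cannot tell from this hunk what below reads past offset 0. Put the reason on the line, e.g. `// need more than one byte: the parsing below reads past offset 0 — TODO confirm the exact minimum it requires`, or better, derive the bound from the constant the parser actually needs so the two cannot drift apart. The body of readRawProfile continues outside the hunk, so the real minimum cannot be checked here.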
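Review bot: `sizeTotal += len` two lines after the changed one accumulates strip byte counts read from the file into a `uint32_t` with no overflow check, so a crafted TIFF can wrap the total and make any later size comparison that depends on it pass; the `Safe::add` this same commit uses in pngchunk_int.cpp fits here, `sizeTotal = Safe::add(sizeTotal, len);`, assuming that helper is reachable from this file. The `static_cast(i)` shown has lost its template argument in rendering, presumably the parameter type of `toUint32`; if that type is narrower than `size_t`, the cast silently truncates for counts beyond its range, so a one-line comment stating why `pos->count()` cannot exceed it would make the cast safe to read. The enclosing function starts and ends outside the hunk.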