Merge the 2020-05-05 SPL branch from AOSP-Partner
* security-aosp-pi-release:
libexif: Fix read buffer overflow
Change-Id: Idf32430c99fd24348f0477d3055ae56249e1d5a4
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 67df4db..b8324b8 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c
@@ -295,7 +295,9 @@
/* Write the data. Fill unneeded bytes with 0. Do not crash with
* e->data is NULL */
if (e->data) {
- memcpy (*d + 6 + doff, e->data, s);
+ unsigned int len = s;
+ if (e->size < s) len = e->size;
+ memcpy (*d + 6 + doff, e->data, len);
} else {
memset (*d + 6 + doff, 0, s);
}