Merge the 2020-05-05 SPL branch from AOSP-Partner * security-aosp-pi-release: libexif: Fix read buffer overflow Change-Id: Idf32430c99fd24348f0477d3055ae56249e1d5a4

commit: 50eb5ed524b85db9fb373b8480e3faa20bf5585b [log] [tgz]
author: Karsten Tausche <karsten@fairphone.com> Fri Apr 24 12:31:02 2020 +0200
committer: Karsten Tausche <karsten@fairphone.com> Fri Apr 24 12:31:02 2020 +0200
tree: fa2a8865f8fc0b82b2e905fb84c9109d0093828c
parent: eeeee64a7922a7e33d8bc09f66a1a4e6c3e01596 [diff]
parent: 2272fd1a98942957a99b7e71b3eff213298f9743 [diff]
diff --git a/libexif/exif-data.c b/libexif/exif-data.c
index 67df4db..b8324b8 100644
--- a/libexif/exif-data.c
+++ b/libexif/exif-data.c

@@ -295,7 +295,9 @@
 	/* Write the data. Fill unneeded bytes with 0. Do not crash with
 	 * e->data is NULL */
 	if (e->data) {
-		memcpy (*d + 6 + doff, e->data, s);
+		unsigned int len = s;
+		if (e->size < s) len = e->size;
+		memcpy (*d + 6 + doff, e->data, len);
 	} else {
 		memset (*d + 6 + doff, 0, s);
 	}
commit	50eb5ed524b85db9fb373b8480e3faa20bf5585b	[log] [tgz]
author	Karsten Tausche <karsten@fairphone.com>	Fri Apr 24 12:31:02 2020 +0200
committer	Karsten Tausche <karsten@fairphone.com>	Fri Apr 24 12:31:02 2020 +0200
tree	fa2a8865f8fc0b82b2e905fb84c9109d0093828c
parent	eeeee64a7922a7e33d8bc09f66a1a4e6c3e01596 [diff]
parent	2272fd1a98942957a99b7e71b3eff213298f9743 [diff]