From fbf60377c006eaea8d3eca3f5e4c654909dcdfd2 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin
Date: Wed, 19 Dec 2018 11:15:08 +0300
Subject: [PATCH] possible buffer overrun in Fuji makernotes parser
---
 internal/dcraw_common.cpp | 2 +-
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index 936aebf9..a0cd7226 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -10345,7 +10345,7 @@ void CLASS parse_makernote(int base, int uptag)
 else
 year += 1900;
- ynum_len = (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18;
+ ynum_len = MIN((sizeof(ynum)-1), (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18);
 strncpy(ynum, words[i], ynum_len);
 ynum[ynum_len] = 0;
 for (int j = 0; ynum[j] && ynum[j + 1] && sscanf(ynum + j, "%2x", &c); j += 2)
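Review bot: The new clamp on `ynum_len` mixes an unsigned `sizeof(ynum)-1` with a signed `(int)strnlen(...) - 18`, so when `words[i]` is shorter than 18 characters the negative result is only caught through the implicit conversion to `size_t` inside the comparison (assuming `MIN` is the usual ternary macro, which is not visible here). That appears to keep `strncpy` and the `ynum[ynum_len] = 0` store inside the buffer, but it then copies the start of a too-short word instead of nothing, and the upper bound silently depends on how the macro is defined. I would compute the length in `int` and bound both ends explicitly: `ynum_len = (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18;` followed by `if (ynum_len < 0) ynum_len = 0;` and `if (ynum_len > (int)sizeof(ynum) - 1) ynum_len = (int)sizeof(ynum) - 1;`. The declarations of `ynum` and `ynum_len` and the rest of parse_makernote lie outside the hunk, so whether an earlier check already guarantees at least 18 characters cannot be confirmed from here.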