From c98d372b48adc6de859dc04e2e0c33441cfe136c Mon Sep 17 00:00:00 2001
From: Pydera <pydera@mailbox.org>
Date: Thu, 8 Apr 2021 17:11:38 +0200
Subject: [PATCH] Fix out of buffer access in #1530

---
 src/crwimage_int.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/crwimage.cpp b/src/crwimage.cpp
index a44a67e2c..9155e0042 100644
--- a/src/crwimage.cpp
+++ b/src/crwimage.cpp
@@ -1186,11 +1186,13 @@ namespace Exiv2 {
         CiffComponent* cc = pHead->findComponent(pCrwMapping->crwTagId_,
                                                  pCrwMapping->crwDir_);
         if (edX != edEnd || edY != edEnd || edO != edEnd) {
-            uint32_t size = 28;
+            size_t size = 28;
             if (cc && cc->size() > size) size = cc->size();
             DataBuf buf(size);
             std::memset(buf.pData_, 0x0, buf.size_);
-            if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
+            if (cc && cc->size() > 8) {
+                std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);
+            }
             if (edX != edEnd && edX->size() == 4) {
                 edX->copy(buf.pData_, pHead->byteOrder());
             }