exiv2/0001-CVE-2018-19535.patch

From 03173751b4d7053d6ddf52a15904e8f751f78f56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz=20M=C3=A1s?= <piponazo@gmail.com>
Date: Sun, 2 Sep 2018 14:39:52 +0200
Subject: [PATCH] Fix bug in PngChunk::readRawProfile

- Now it takes into account text.size_ when searching for a newline
char.
---
 src/pngchunk_int.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp
index 58281b3ff..755872c94 100644
--- a/src/pngchunk.cpp
+++ b/src/pngchunk.cpp
@@ -629,11 +629,19 @@ namespace Exiv2 {
 
 
         sp = (char*)text.pData_+1;
+        int pointerPos = 1;
 
         // Look for newline
-
-        while (*sp != '\n')
+        while (*sp != '\n' && pointerPos < (text.size_ - 1))
+        {
             sp++;
+            pointerPos++;
+        }
+
+        if (pointerPos == (text.size_ - 1))
+        {
+            return DataBuf();
+        }
 
         // Look for length