From 933dfed4b8f98f59a5bf78233dadaa975afe04f7 Mon Sep 17 00:00:00 2001
From: jiakai
Date: Wed, 11 Nov 2015 20:17:24 +0800
Subject: [PATCH] check offset in ExifReader::getString
---
 modules/imgcodecs/src/jpeg_exif.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/imgcodecs/src/jpeg_exif.cpp b/modules/imgcodecs/src/jpeg_exif.cpp
index af4b7a9908..c7b5b76a26 100644
--- a/modules/imgcodecs/src/jpeg_exif.cpp
+++ b/modules/imgcodecs/src/jpeg_exif.cpp
@@ -401,6 +401,9 @@ std::string ExifReader::getString(const size_t offset) const
 {
 dataOffset = getU32( offset + 8 );
 }
+ if (dataOffset > m_data.size() || dataOffset + size > m_data.size()) {
+ throw ExifParsingError();
+ }
 std::vector::const_iterator it = m_data.begin() + dataOffset;
 std::string result( it, it + size ); //copy vector content into result
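Review bot: The second half of the added guard, `dataOffset + size > m_data.size()`, is computed with an addition that can wrap before the comparison. The declarations of `size` and `dataOffset` are outside the hunk, but if both are `size_t` holding values read from the file, the sum can overflow on targets where `size_t` is 32 bits. The check would then pass while `it + size` on the following lines still runs past the end of `m_data`. Since the first clause already establishes `dataOffset <= m_data.size()`, the subtraction form cannot wrap: `if (dataOffset > m_data.size() || size > m_data.size() - dataOffset) {`. A short comment such as `// both values come from the file; reject ranges outside the EXIF buffer` above the check would record why it is there.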