From 05a7799c1e4c43235a2e20d907fb6c2e38e1ccbd Mon Sep 17 00:00:00 2001
From: Dirk Lemstra
Date: Tue, 27 Nov 2018 21:05:04 +0100
Subject: [PATCH] Skip the first 4 bytes of the exif profile since they indicate the offset to the start of the TIFF header of the Exif data (#1266).
---
 coders/heic.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/coders/heic.c b/coders/heic.c
index 2883f313b..dba94b758 100644
--- a/coders/heic.c
+++ b/coders/heic.c
@@ -269,7 +269,7 @@ static Image *ReadHEICImage(const ImageInfo *image_info,
 size_t exif_size;
- void
+ unsigned char
 *exif_buffer;
 exif_size=heif_image_handle_get_metadata_size(image_handle,exif_id);
@@ -280,8 +280,8 @@ static Image *ReadHEICImage(const ImageInfo *image_info,
 ThrowReaderException(CorruptImageError, "InsufficientImageDataInFile");
 }
- exif_buffer=AcquireMagickMemory(exif_size);
- if (exif_buffer != NULL)
+ exif_buffer=(unsigned char *) AcquireMagickMemory(exif_size);
+ if (exif_buffer !=(unsigned char *) NULL)
 {
 error=heif_image_handle_get_metadata(image_handle, exif_id,exif_buffer);
@@ -290,7 +290,11 @@ static Image *ReadHEICImage(const ImageInfo *image_info,
 StringInfo *profile;
- profile=BlobToStringInfo(exif_buffer,exif_size);
+ // The first 4 byte should be skipped since they indicate the
+ // offset to the start of the TIFF header of the Exif data.
+ profile=(StringInfo*) NULL;
+ if (exif_size > 8)
+ profile=BlobToStringInfo(exif_buffer+4,exif_size-4);
 if (profile != (StringInfo*) NULL) {
 SetImageProfile(image,"exif",profile,exception);
-- 
2.40.0
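Review bot: In the third hunk the 4-byte prefix is discarded without being read, although the added comment says it holds the offset to the TIFF header, so `BlobToStringInfo(exif_buffer+4,exif_size-4)` only lands on that header when the stored offset is zero. Since the field comes from the input file, it seems worth decoding it (byte order to be confirmed against the HEIF specification) and rejecting any value that is not smaller than `exif_size-4` before it is used to position the profile. The `exif_size > 8` threshold is also unexplained next to a 4-byte skip, and blocks that fail it are dropped silently; a comment such as `/* need the 4-byte offset field plus a minimal Exif payload */` would record the intent, if that is what the 8 stands for. The enclosing `ReadHEICImage` starts and ends outside the hunk.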