From 16f43aee58220c9df2faae152edee7cc722bad79 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Sun, 23 Jun 2019 21:00:35 -0400
Subject: [PATCH] Check for buffer overflow

---
 MagickCore/property.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/MagickCore/property.c b/MagickCore/property.c
index 8e6bfa3fc..bd0d98744 100644
--- a/MagickCore/property.c
+++ b/MagickCore/property.c
@@ -1475,6 +1475,8 @@ static MagickBooleanType GetEXIFProperty(const Image *image,
 buffer[MagickPathExtent],
 *value;
 
+ if ((p < exif) || (p > (exif+length-tag_bytes[format])))
+ break;
 value=(char *) NULL;
 *buffer='\0';
 switch (format)
@@ -1536,9 +1538,11 @@ static MagickBooleanType GetEXIFProperty(const Image *image,
 EXIFMultipleValues(8,"%f",*(double *) p1);
 break;
 }
- default:
 case EXIF_FMT_STRING:
+ default:
 {
+ if ((p < exif) || (p > (exif+length-number_bytes)))
+ break;
 value=(char *) NULL;
 if (~((size_t) number_bytes) >= 1)
 value=(char *) AcquireQuantumMemory((size_t) number_bytes+1UL,
-- 
2.40.0
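Review bot: The added guard `p > (exif+length-tag_bytes[format])` does its bounds test in pointer arithmetic, so if `length` is smaller than the subtracted size the expression forms a pointer before `exif`, which is undefined behaviour and may let the comparison pass or be optimised away. Comparing offsets avoids this, for example `if ((p < exif) || ((size_t) (p-exif) > length) || (tag_bytes[format] > (length-(size_t) (p-exif)))) break;`, and the same rewrite applies to the `number_bytes` guard added under `case EXIF_FMT_STRING:` in the second hunk. The first guard also bounds only a single element of `tag_bytes[format]` bytes, while the multi-value cases such as `EXIFMultipleValues(8,"%f",...)` presumably read `number_bytes` in total, so testing against `number_bytes` there would cover every format unless earlier code already does. The range check on `format` before it indexes `tag_bytes`, the declarations of `length` and `number_bytes`, and the loop this `break` leaves are all outside the hunks, so these points should be confirmed against the full function.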