File CVE-2017-18234.patch of Package exempi.6890

diff --git a/exempi/exempi.cpp b/exempi/exempi.cpp
index a57aba6..a4259dd 100644
--- a/exempi/exempi.cpp
+++ b/exempi/exempi.cpp
@@ -186,8 +186,8 @@ bool xmp_init()
 	RESET_ERROR;
 	try {
 		// no need to initialize anything else.
-		// XMP SDK 5.1.2 needs this because it has been lobotomized of local text conversion
-		// the one that was done in Exempi with libiconv.
+        // XMP SDK 5.1.2 needs this because it has been stripped off local
+        // text conversion the one that was done in Exempi with libiconv.
 		return SXMPFiles::Initialize(kXMPFiles_IgnoreLocalText);
 	}
 	catch(const XMP_Error & e) {
diff --git a/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp b/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp
index 316cea0..04b16bb 100644
--- a/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp
+++ b/source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp
@@ -65,7 +65,7 @@ void TIFF_MemoryReader::SortIFD ( TweakedIFDInfo* thisIFD )
 		} else if ( thisTag == prevTag ) {
 
 			// Duplicate tag, keep the 2nd copy, move the tail of the array up, prevTag is unchanged.
-			memcpy ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) );	// AUDIT: Safe, moving tail forward, i >= 1.
+			memmove ( &ifdEntries[i-1], &ifdEntries[i], 12*(tagCount-i) ); // may overlap -- Hub
 			--tagCount;
 			--i; // ! Don't move forward in the array, we've moved the unseen part up.
 
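Review bot: The byte count passed to `memmove` in the duplicate-tag branch is still the literal `12*(tagCount-i)`, which silently depends on an IFD entry being exactly 12 bytes; the same literal is used in the out-of-order branch in the next hunk. Writing it as `sizeof(ifdEntries[0]) * (tagCount-i)` keeps the length tied to the element type. The removed `// AUDIT:` remark also recorded why the index is in range (`i >= 1`), which `// may overlap -- Hub` no longer says; a comment such as `// memmove: source and destination overlap; i >= 1, so i-1 is a valid slot` would keep both facts. SortIFD's body starts and ends outside the hunk, so the loop bounds cannot be confirmed from here.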
@@ -81,7 +81,7 @@ void TIFF_MemoryReader::SortIFD ( TweakedIFDInfo* thisIFD )
 
 				// Out of order duplicate, move it to position j, move the tail of the array up.
 				ifdEntries[j] = ifdEntries[i];
-				memcpy ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) );	// AUDIT: Safe, moving tail forward, i >= 1.
+				memmove ( &ifdEntries[i], &ifdEntries[i+1], 12*(tagCount-(i+1)) ); // may overlap -- Hub
 				--tagCount;
 				--i; // ! Don't move forward in the array, we've moved the unseen part up.
 
@@ -212,7 +212,11 @@ bool TIFF_MemoryReader::GetTag ( XMP_Uns8 ifd, XMP_Uns16 id, TagInfo* info ) con
 		info->dataLen = thisTag->bytes;
 
 		info->dataPtr = this->GetDataPtr ( thisTag );
-
+		// Here we know that if it is NULL, it is wrong. -- Hub
+		// GetDataPtr will return NULL in case of overflow.
+		if (info->dataPtr == NULL) {
+			return false;
+		}
 	}
 
 	return true;
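Review bot: The new `return false` in GetTag leaves `info` half-filled, because `info->dataLen` was already assigned from `thisTag->bytes` just above; a caller that ignores the return value then sees a non-zero length next to a NULL `dataPtr`. Calling `GetDataPtr` first and returning before any `info` field is written avoids that state. The check appears to sit inside the branch that fills `info` (its closing brace follows), so a lookup made without an `info` argument would presumably still report an out-of-range tag as present; that branch opens outside the hunk and should be confirmed. Any other caller of `GetDataPtr` is not part of this patch and now also has to handle a NULL return.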
diff --git a/source/XMPFiles/FormatSupport/TIFF_Support.hpp b/source/XMPFiles/FormatSupport/TIFF_Support.hpp
index 9af76c4..e3d9834 100644
--- a/source/XMPFiles/FormatSupport/TIFF_Support.hpp
+++ b/source/XMPFiles/FormatSupport/TIFF_Support.hpp
@@ -723,7 +723,17 @@ private:
 	const TweakedIFDEntry* FindTagInIFD ( XMP_Uns8 ifd, XMP_Uns16 id ) const;
 
 	const inline void* GetDataPtr ( const TweakedIFDEntry* tifdEntry ) const
-		{ if ( tifdEntry->bytes <= 4 ) return &tifdEntry->dataOrPos; else return (this->tiffStream + tifdEntry->dataOrPos); };
+		{ 
+			if ( tifdEntry->bytes <= 4 ) return &tifdEntry->dataOrPos; 
+			else 
+			{
+				XMP_Uns32 pos = tifdEntry->dataOrPos;
+				// Invalid file. 
+				// The data is past the length of the TIFF.
+				if ( (pos + tifdEntry->bytes) > this->tiffLength ) return NULL;
+				return (this->tiffStream + pos); 
+			}
+		};
 
 	static inline void NotAppropriate() { XMP_Throw ( "Not appropriate for TIFF_Reader", kXMPErr_InternalFailure ); };
 
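Review bot: The bounds test `(pos + tifdEntry->bytes) > this->tiffLength` in GetDataPtr can wrap around. `pos` is `XMP_Uns32`, and if `bytes` is also 32-bit (its declaration is not in the hunk), a large offset or length taken from the file makes the sum overflow to a small value and pass the check. Compare without adding, e.g. `if ( (pos > this->tiffLength) || (tifdEntry->bytes > (this->tiffLength - pos)) ) return NULL;`. The comment above it could state that both the offset and the length come from the file and are untrusted.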