From d40a4bc0c8ef207ee28faafa983518920265c4d3 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Sat, 2 Feb 2019 19:04:29 +0100
Subject: [PATCH] the USERCOMMENT field should be returned \0 terminated (AFL)
---
 libexif/exif-entry.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
index c0f219b..1462654 100644
--- a/libexif/exif-entry.c
+++ b/libexif/exif-entry.c
@@ -927,11 +927,12 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
 * If we reach this point, the tag does not
 * comply with the standard but seems to contain data.
 * Print as much as possible.
+ * Note: make sure we do not overwrite the final \0 at maxlen-1
 */
 exif_entry_log (e, EXIF_LOG_CODE_DEBUG,
 _("Tag UserComment contains data but is "
 "against specification."));
- for (j = 0; (i < e->size) && (j < maxlen); i++, j++) {
+ for (j = 0; (i < e->size) && (j < maxlen-1); i++, j++) {
 exif_entry_log (e, EXIF_LOG_CODE_DEBUG,
 _("Byte at position %i: 0x%02x"), i, e->data[i]);
 val[j] = isprint (e->data[i]) ? e->data[i] : '.';
--
2.7.4
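Review bot: `maxlen-1` in the new loop condition is evaluated in `unsigned int`, so if `maxlen` is 0 when this branch runs the bound wraps to `UINT_MAX` and only `e->size` limits the writes into `val`. The hunk does not show whether exif_entry_get_value rejects a zero `maxlen` before this point (the function body starts and ends outside the hunk), so the bound is safer written as `(j + 1 < maxlen)`, which cannot wrap. The added comment also relies on `val[maxlen-1]` already holding `\0`; nothing in the visible lines writes it, so the comment should say where the buffer is zeroed, or the terminator should be stored explicitly once the loop ends.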