From 6bb956ad808590ce2321b9ddf6772974da27c4ca Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Sat, 22 Oct 2022 15:55:02 +0100
Subject: [PATCH] Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382 Avoid null pointer deref.
---
 src/quicktimevideo.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
index b3f41373..011b3c29 100644
--- a/src/quicktimevideo.cpp
+++ b/src/quicktimevideo.cpp
@@ -834,6 +834,7 @@ void QuickTimeVideo::userDataDecoder(size_t size_external) {
  } else if (equalsQTimeTag(buf, "CMbo") || equalsQTimeTag(buf, "Cmbo")) {
+ enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);
  io_->readOrThrow(buf.data(), 2);
  buf.data()[2] = '\0';
  tv_internal = find(cameraByteOrderTags, Exiv2::toString(buf.data()));
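Review bot: The added `enforce(tv, Exiv2::ErrorCode::kerCorruptedMetadata);` in the `CMbo`/`Cmbo` branch carries no comment on why `tv` can be null at this point, and the dereference it protects lies below the last visible line of the hunk. A one-line comment such as `// tv is null when the tag lookup found no entry; reject the file instead of dereferencing it below` would record the reason, assuming `tv` is a lookup result in the same way `tv_internal` is a few lines later. If other branches of this else-if chain in `userDataDecoder` also read through `tv`, they presumably need the same guard; that cannot be confirmed from this hunk. The diffstat shows a single file changed, so the OSS-Fuzz reproducer is not added as a regression test here, and including it would keep the check from being dropped in a later refactor.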