From f724f4e2fcd081917ac9d5d63c67d46a60f75218 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Wed, 23 Jun 2021 22:39:31 +0100
Subject: [PATCH] Don't crash if s > size.
---
 src/crwimage_int.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
index fb51fa3d..3a0347a6 100644
--- a/src/crwimage_int.cpp
+++ b/src/crwimage_int.cpp
@@ -1228,13 +1228,15 @@ namespace Exiv2 {
 std::memset(buf.pData_, 0x0, buf.size_);
 uint16_t len = 0;
+
 for (auto&& exif : exifData) {
 if (exif.ifdId() != ifdId) continue;
 const uint16_t s = exif.tag() * 2 + static_cast(exif.size());
- assert(s <= size);
- if (len < s) len = s;
- exif.copy(buf.pData_ + exif.tag() * 2, byteOrder);
+ if (s <= size) {
+ if (len < s) len = s;
+ exif.copy(buf.pData_ + exif.tag() * 2, byteOrder);
+ }
 }
 // Round the size to make it even.
 buf.size_ = len + len%2;
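Review bot: The new `if (s <= size)` guard tests a value that has already been narrowed into `const uint16_t s`, while the write on the following line uses the un-narrowed offset `exif.tag() * 2`. If the sum wraps past 16 bits it can still pass the check, and `exif.copy` may then write outside `buf`. Computing the bound in a wider type closes that gap: `const size_t s = static_cast<size_t>(exif.tag()) * 2 + exif.size();`, with `if (len < s) len = static_cast<uint16_t>(s);` inside the guarded branch (this assumes `size` fits in 16 bits, which the hunk does not show). Entries that fail the check are now skipped silently, so a warning log in an `else` branch would make truncated output diagnosable. The enclosing function starts above the hunk, so the types of `size` and `buf` are inferred here.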