From 32d0a934f4de721031b7a1a9c56655e696d3e646 Mon Sep 17 00:00:00 2001
From: Hombre <natureh.510@gmail.com>
Date: Sun, 31 Dec 2017 00:48:33 +0100
Subject: [PATCH] Fix #4265: "Segfault saving image with edited metadata"

---
 rtexif/rtexif.cc | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/rtexif/rtexif.cc b/rtexif/rtexif.cc
index affd530b5..b6b5b55fe 100644
--- a/rtexif/rtexif.cc
+++ b/rtexif/rtexif.cc
@@ -1938,17 +1938,15 @@ void Tag::initUserComment (const Glib::ustring &text)
         count = 8 + strlen (text.c_str());
         valuesize = count;
         value = new unsigned char[valuesize];
-        strcpy ((char*)value, "ASCII");
-        value[5] = value[6] = value[7] = 0;
-        strcpy ((char*)value + 8, text.c_str());
+        memcpy((char*)value, "ASCII\0\0\0", 8);
+        memcpy((char*)value + 8, text.c_str(), valuesize - 8);
     } else {
         wchar_t *commentStr = (wchar_t*)g_utf8_to_utf16 (text.c_str(), -1, NULL, NULL, NULL);
         count = 8 + wcslen(commentStr)*2;
         valuesize = count;
         value = (unsigned char*)new char[valuesize];
-        strcpy ((char*)value, "UNICODE");
-        value[7] = 0;
-        wcscpy(((wchar_t*)value) + 4, commentStr);
+        memcpy((char*)value, "UNICODE\0", 8);
+        memcpy((char*)value + 8, (char*)commentStr, valuesize - 8);
         g_free(commentStr);
     }
 }