From 842f5080886a19bc7a234e7150717d126c3856c9 Mon Sep 17 00:00:00 2001
From: heckflosse <heckflosse67@gmx.de>
Date: Sat, 15 Aug 2015 17:44:46 +0200
Subject: [PATCH] Crash when saving to uncompressed tiff using a huge output
 profile

---
 rtengine/imageio.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rtengine/imageio.cc b/rtengine/imageio.cc
index 81a061395..db289ca1a 100644
--- a/rtengine/imageio.cc
+++ b/rtengine/imageio.cc
@@ -1196,7 +1196,11 @@ int ImageIO::saveTIFF (Glib::ustring fname, int bps, bool uncompressed)
         }
 
         // buffer for the exif and iptc
-        unsigned char* buffer = new unsigned char[165535];  //TODO: Is it really 165535... or 65535 ?
+        int bufferSize = 165535;   //TODO: Is it really 165535... or 65535 ?
+        if(profileData)
+            bufferSize += profileLength;
+        
+        unsigned char* buffer = new unsigned char[bufferSize];
         unsigned char* iptcdata = NULL;
         unsigned int iptclen = 0;
 
@@ -1213,7 +1217,7 @@ int ImageIO::saveTIFF (Glib::ustring fname, int bps, bool uncompressed)
 
         // The maximum lenght is strangely not the same than for the JPEG file...
         // Which maximum length is the good one ?
-        if (size > 0 && size < 165530) {
+        if (size > 0 && size < bufferSize) {
             fwrite (buffer, size, 1, file);
         }