From 86690f1ca0e1724d63f83be342f32b69b6077e8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fl=C3=B6ssie?= <floessie.mail@gmail.com>
Date: Mon, 11 Mar 2019 21:09:57 +0100
Subject: [PATCH] Fix OOB string access (fixes #5207)

---
 rtengine/imagedata.cc | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/rtengine/imagedata.cc b/rtengine/imagedata.cc
index 99df5083e..4dcfe80ff 100644
--- a/rtengine/imagedata.cc
+++ b/rtengine/imagedata.cc
@@ -450,10 +450,18 @@ FrameData::FrameData (rtexif::TagDirectory* frameRootDir_, rtexif::TagDirectory*
                                 found = true;
                                 lens = "Canon " + ldata;
                             }
+                        } else {
+                            found = lens_from_make_and_model();
                         }
                     }
 
-                    if( !found || lens.substr(lens.find(' ')).length() < 7 ) {
+                    const std::string::size_type first_space_pos = lens.find(' ');
+                    const std::string::size_type remaining_size =
+                        first_space_pos != std::string::npos
+                            ? lens.size() - first_space_pos
+                            : 0;
+
+                    if( !found || remaining_size < 7U ) {
                         lt = mnote->findTag("LensID");
 
                         if ( lt ) {
@@ -464,10 +472,6 @@ FrameData::FrameData (rtexif::TagDirectory* frameRootDir_, rtexif::TagDirectory*
                             }
                         }
                     }
-
-                    if (!found) {
-                        lens_from_make_and_model();
-                    }
                 } else if (!make.compare (0, 6, "PENTAX") || (!make.compare (0, 5, "RICOH") && !model.compare (0, 6, "PENTAX"))) {
                     // ISO at max value supported, check manufacturer specific
                     if (iso_speed == 65535 || iso_speed == 0) {