From 8704c1dd8655e43abfd0631e5bcd66e7fb1c1314 Mon Sep 17 00:00:00 2001
From: Lawrence Lee <45837045+Lawrence37@users.noreply.github.com>
Date: Wed, 15 Feb 2023 21:34:03 -0800
Subject: [PATCH] Add bound check Thanks to Floessie (https://github.com/Beep6581/RawTherapee/pull/5889#discussion_r622755925)
---
 rtengine/dcp.cc | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/rtengine/dcp.cc b/rtengine/dcp.cc
index 1f9de0158..29d3625a2 100644
--- a/rtengine/dcp.cc
+++ b/rtengine/dcp.cc
@@ -650,13 +650,16 @@ public:
 }
 case FLOAT: {
- union IntFloat {
- std::uint32_t i;
- float f;
- } conv;
+ if (offset + 3 < tag->second.value.size()) {
+ union IntFloat {
+ std::uint32_t i;
+ float f;
+ } conv;
- conv.i = sget4(tag->second.value.data() + offset);
- return conv.f; // IEEE FLOATs are already C format, they just need a recast
+ conv.i = sget4(tag->second.value.data() + offset);
+ return conv.f; // IEEE FLOATs are already C format, they just need a recast
+ }
+ return 0.0;
 }
 default: {
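Review bot: The new guard `offset + 3 < tag->second.value.size()` in the `FLOAT` case adds before it compares, so an `offset` near the maximum of its type (or, if it is signed, a value from -3 to -1) can still pass and let `sget4` read outside `value`. The declaration of `offset` is outside the hunk, so its type and origin need confirming, but it presumably comes from the parsed profile file. A form that cannot wrap is `const auto size = tag->second.value.size();` followed by `if (size >= 4 && offset <= size - 4) {`. The fallback `return 0.0;` makes a truncated tag indistinguishable from a stored zero, so a comment there such as `// fewer than 4 bytes left at offset: report 0 instead of reading past the buffer` would document the choice. The enclosing function and its other `case` branches start and end outside the hunk and are worth checking for the same unchecked read.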