From 884973fa773827d0896f300d5938eb6042955044 Mon Sep 17 00:00:00 2001
From: Larry Gritz <lg@larrygritz.com>
Date: Sat, 3 May 2025 14:12:44 -0700
Subject: [PATCH] int: Address safety warnings in pvt::append_tiff_dir_entry

I think what we were doing here was fine all along, but the idiom was
confusing to static analyzers who identified a danger that we were
memcpy'ing into a field that was potentially not big enough. A minor
restructuring of the code and a new assertion should verify that it's
safe and also make it clear to the static analyzer that we aren't
falling into the case it warned about.

Signed-off-by: Larry Gritz <lg@larrygritz.com>
---
 src/libOpenImageIO/exif.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libOpenImageIO/exif.cpp b/src/libOpenImageIO/exif.cpp
index df80637fe4..9dddae905e 100644
--- a/src/libOpenImageIO/exif.cpp
+++ b/src/libOpenImageIO/exif.cpp
@@ -1092,6 +1092,7 @@ pvt::append_tiff_dir_entry(std::vector<TIFFDirEntry>& dirs,
     dir.tdir_tag        = tag;
     dir.tdir_type       = type;
     dir.tdir_count      = count;
+    dir.tdir_offset     = 0;
     size_t len          = tiff_data_size(dir);
     char* ptr           = nullptr;
     bool data_in_offset = false;
@@ -1099,8 +1100,9 @@ pvt::append_tiff_dir_entry(std::vector<TIFFDirEntry>& dirs,
         dir.tdir_offset = 0;
         data_in_offset  = true;
         if (mydata.size()) {
+            OIIO_DASSERT(len == mydata.size());
             ptr = (char*)&dir.tdir_offset;
-            memcpy(ptr, mydata.data(), mydata.size());
+            memcpy(ptr, mydata.data(), len);
         }
     } else {
         if (mydata.size()) {