Description: Fix a buffer read overflow in exif_entry_get_value() (CVE-2020-0182)
 While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past
 the end of a heap buffer. This was detected by the OSS Fuzz project.
Origin: commit:f9bb9f263fb00f0603ecbefa8957cad24168cbff
Author: Dan Fandrich <dan@coneharvesters.com>
Last-Update: 2020-06-13

---
 libexif/exif-entry.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/libexif/exif-entry.c
+++ b/libexif/exif-entry.c
@@ -1043,12 +1043,12 @@
 		d = 0.;
 		entry = exif_content_get_entry (
 			e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE);
-		if (entry && entry->data &&
+		if (entry && entry->data && entry->size >= 7 &&
 		    !strncmp ((char *)entry->data, "Minolta", 7)) {
 			entry = exif_content_get_entry (
 					e->parent->parent->ifd[EXIF_IFD_0],
 					EXIF_TAG_MODEL);
-			if (entry && entry->data) {
+			if (entry && entry->data && entry->size >= 8) {
 				if (!strncmp ((char *)entry->data, "DiMAGE 7", 8))
 					d = 3.9;
 				else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8))
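Review bot: The new bounds `entry->size >= 7` and `entry->size >= 8` repeat the lengths passed to strncmp() as bare literals, so a later edit to a string or a length on one side only can silently reopen the over-read this patch closes. I would add a comment above the first check such as `/* entry->data is bounded by entry->size and may lack a NUL; check size before every strncmp() */`, or derive the bound from the literal, e.g. `entry->size >= sizeof("Minolta") - 1`. The else-if chain on the model string continues past the end of the hunk, so whether any comparison there is longer than 8 bytes cannot be confirmed from the lines shown; if one is, it needs its own size check.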
