From d985b3b5f5657fa4980b06e815c97465bc4459da Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Fri, 27 Feb 2026 10:38:22 +0000
Subject: [PATCH] Check for integer overflow.

---
 src/psdimage.cpp | 4 ++++
 1 file changed, 4 insertions(+)

Index: exiv2-0.26/src/psdimage.cpp
===================================================================
--- exiv2-0.26.orig/src/psdimage.cpp
+++ exiv2-0.26/src/psdimage.cpp
@@ -49,6 +50,7 @@ EXIV2_RCSID("@(#) $Id$")
 #include <iomanip>
 #include <cassert>
 #include <memory>
+#include <limits>
 
 // Todo: Consolidate with existing code in struct Photoshop (jpgimage.hpp):
 //       Extend this helper to a proper class with all required functionality,
@@ -325,6 +327,9 @@ namespace Exiv2 {
                 nativePreview.height_ = getLong(buf + 8, bigEndian);
                 const uint32_t format = getLong(buf + 0, bigEndian);
 
+                enforce(nativePreview.size_ <= static_cast<size_t>(std::numeric_limits<long>::max()),
+                        Exiv2::kerCorruptedMetadata);
+
                 if (nativePreview.size_ > 0 && nativePreview.position_ >= 0) {
                     io_->seek(static_cast<long>(nativePreview.size_), BasicIo::cur);
                     if (io_->error() || io_->eof()) throw Error(14);
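Review bot: The added `enforce(...)` call and `Exiv2::kerCorruptedMetadata` may not be declared in this 0.26 tree: the unchanged line just below still throws with a numeric code, `throw Error(14)`, and the patch adds only `#include <limits>`, so please confirm both names are visible in psdimage.cpp or the backport will not compile. If they are missing, the guard can be written in the style of the surrounding code, for example `if (nativePreview.size_ > static_cast<size_t>(std::numeric_limits<long>::max())) throw Error(14);`, reusing the code the neighbouring seek failure throws. The bound only guards the `static_cast<long>` passed to `io_->seek`; a length that fits in `long` but exceeds the remaining data is still left to the `io_->error() || io_->eof()` check after the seek. A short comment such as `// size_ is cast to long for seek(); reject values that do not fit` would record that intent. The enclosing function starts and ends outside the hunk.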
