Potential memory corruption bug in DataBuf::alloc()
Added by Matthias Baas about 11 years ago
Hi,
while I was looking through the code this weekend I found a little bug in the DataBuf class. In theory, it could happen that the class deallocates the same memory block twice.
The problem is in DataBuf::alloc(). The function first deallocates the old memory block and then allocates a new one using the new operator. But the call to new may throw an exception when the memory block couldn't be allocated. In this case, pData_, the pointer to the memory block, remains a dangling reference as it still contains the address of the previous memory block which has already been deallocated. So either the next time alloc() is called or in the destructor, the class will try to deallocate that memory block again which may result in all sorts of bad behavior.
I have attached a patch for this (it just sets pData_ and size_ to 0 after the deallocation, so that even in the case of an exception, the instance remains in a valid state).
Cheers,
- Matthias -
Attachment: databuf_alloc_bug.diff (415 Bytes)
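The failure mode described in the report, reproduced in a stand-alone example. This is added illustration code, not Exiv2's DataBuf or the attached patch: the two structs below are minimal stand-ins modelled on the description (free the old block, then allocate), and `allocBytes` is an assumed allocator wrapper that throws std::bad_alloc on request above a settable threshold so the failure can be forced deterministically instead of waiting for the heap to run out. The "before" version leaves the freed address in pData_ after the throw; the "after" version resets the members first, as the patch does, so a later alloc() or the destructor sees an empty buffer rather than a stale pointer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// Assumed allocator wrapper for the demonstration: behaves like
// `new unsigned char[n]` but throws std::bad_alloc for requests at or
// above g_failAtOrAbove, so an allocation failure can be injected.
static std::size_t g_failAtOrAbove = SIZE_MAX;

static unsigned char* allocBytes(std::size_t n) {
    if (n >= g_failAtOrAbove) throw std::bad_alloc();
    return new unsigned char[n];
}

// "Before": frees the old block, then allocates. If the allocation throws,
// pData_ still holds the freed address and size_ the old size, so the next
// alloc() or the destructor frees the same block a second time.
struct DataBufBuggy {
    unsigned char* pData_ = nullptr;
    std::size_t size_ = 0;
    ~DataBufBuggy() { delete[] pData_; }
    void alloc(std::size_t size) {
        if (size > size_) {
            delete[] pData_;
            pData_ = allocBytes(size);   // may throw std::bad_alloc
            size_ = size;
        }
    }
};

// "After": the members are put into a valid empty state before the call
// that may throw, so an exception leaves the object safely destructible.
struct DataBufFixed {
    unsigned char* pData_ = nullptr;
    std::size_t size_ = 0;
    ~DataBufFixed() { delete[] pData_; }
    void alloc(std::size_t size) {
        if (size > size_) {
            delete[] pData_;
            pData_ = nullptr;
            size_ = 0;
            pData_ = allocBytes(size);   // may throw; object is already consistent
            size_ = size;
        }
    }
};

// Returns true when the buggy alloc() leaves the freed address in pData_
// after an allocation failure (the dangling pointer the report describes).
bool buggyLeavesDangling() {
    DataBufBuggy buf;
    buf.alloc(16);
    const std::uintptr_t oldAddr = reinterpret_cast<std::uintptr_t>(buf.pData_);
    g_failAtOrAbove = 1024;                 // force the next large request to fail
    bool threw = false;
    try { buf.alloc(4096); } catch (const std::bad_alloc&) { threw = true; }
    g_failAtOrAbove = SIZE_MAX;
    const bool dangling = reinterpret_cast<std::uintptr_t>(buf.pData_) == oldAddr;
    // The block behind pData_ was freed inside alloc(); neutralise the stale
    // pointer here so the destructor does not perform the double free itself.
    buf.pData_ = nullptr;
    buf.size_ = 0;
    return threw && dangling;
}

// Returns true when the fixed alloc() leaves an empty, reusable buffer after
// the same injected failure, and a subsequent alloc() succeeds normally.
bool fixedLeavesValidEmptyState() {
    DataBufFixed buf;
    buf.alloc(16);
    g_failAtOrAbove = 1024;
    bool threw = false;
    try { buf.alloc(4096); } catch (const std::bad_alloc&) { threw = true; }
    g_failAtOrAbove = SIZE_MAX;
    const bool empty = (buf.pData_ == nullptr && buf.size_ == 0);
    buf.alloc(8);                           // safe: no stale pointer to free
    std::memset(buf.pData_, 0xAB, buf.size_);
    return threw && empty && buf.size_ == 8 && buf.pData_[7] == 0xAB;
}

int main() {
    std::printf("buggy alloc leaves dangling pointer: %s\n",
                buggyLeavesDangling() ? "yes" : "no");
    std::printf("fixed alloc leaves valid empty state: %s\n",
                fixedLeavesValidEmptyState() ? "yes" : "no");
    return 0;
}
```

Resetting the members before the allocation gives the basic exception guarantee (the object stays valid but its old contents are gone). If the old contents must survive a failed grow, allocate the new block into a local first and only then free the old one; that ordering costs peak memory of old plus new, which is why a free-then-allocate buffer should at least null its pointer as the patch does.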
Replies (1)
RE: Potential memory corruption bug in DataBuf::alloc() - Added by Andreas Huggel about 11 years ago
Checked-in, thanks!
Andreas