Merge pull request #1944 from SixLabors/bp/issue1942

Fix for issue #1942
SixLabors · Jan 18, 2022 · fe95bb5 · fe95bb5
2 parents dfe3fb5 + 6f495f1
commit fe95bb5
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 74 deletions.
diff --git a/src/ImageSharp/Metadata/Profiles/IPTC/IptcProfile.cs b/src/ImageSharp/Metadata/Profiles/IPTC/IptcProfile.cs
@@ -16,6 +16,10 @@ public sealed class IptcProfile : IDeepCloneable<IptcProfile>
     {
         private Collection<IptcValue> values;
 
+        private const byte IptcTagMarkerByte = 0x1c;
+
+        private const uint MaxStandardDataTagSize = 0x7FFF;
+
         /// <summary>
         /// Initializes a new instance of the <see cref="IptcProfile"/> class.
         /// </summary>
@@ -78,7 +82,7 @@ public IEnumerable<IptcValue> Values
         }
 
         /// <inheritdoc/>
-        public IptcProfile DeepClone() => new IptcProfile(this);
+        public IptcProfile DeepClone() => new(this);
 
         /// <summary>
         /// Returns all values with the specified tag.
@@ -207,7 +211,7 @@ public void SetDateTimeValue(IptcTag tag, DateTimeOffset dateTimeOffset)
                 throw new ArgumentException("iptc tag is not a time or date type");
             }
 
-            var formattedDate = tag.IsDate()
+            string formattedDate = tag.IsDate()
                 ? dateTimeOffset.ToString("yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture)
                 : dateTimeOffset.ToString("HHmmsszzzz", System.Globalization.CultureInfo.InvariantCulture)
                     .Replace(":", string.Empty);
@@ -231,7 +235,7 @@ public void SetDateTimeValue(IptcTag tag, DateTimeOffset dateTimeOffset)
         /// </summary>
         public void UpdateData()
         {
-            var length = 0;
+            int length = 0;
             foreach (IptcValue value in this.Values)
             {
                 length += value.Length + 5;
@@ -242,7 +246,24 @@ public void UpdateData()
             int i = 0;
             foreach (IptcValue value in this.Values)
             {
-                this.Data[i++] = 28;
+                // Standard DataSet Tag
+                // +-----------+----------------+---------------------------------------------------------------------------------+
+                // | Octet Pos | Name           | Description                                                                     |
+                // +==========-+================+=================================================================================+
+                // | 1         | Tag Marker     | Is the tag marker that initiates the start of a DataSet 0x1c.                   |
+                // +-----------+----------------+---------------------------------------------------------------------------------+
+                // | 2         | Record Number  | Octet 2 is the binary representation of the record number. Note that the        |
+                // |           |                | envelope record number is always 1, and that the application records are        |
+                // |           |                | numbered 2 through 6, the pre-object descriptor record is 7, the object record  |
+                // |           |                | is 8, and the post - object descriptor record is 9.                             |
+                // +-----------+----------------+---------------------------------------------------------------------------------+
+                // | 3         | DataSet Number | Octet 3 is the binary representation of the DataSet number.                     |
+                // +-----------+----------------+---------------------------------------------------------------------------------+
+                // | 4 and 5   | Data Field     | Octets 4 and 5, taken together, are the binary count of the number of octets in |
+                // |           | Octet Count    | the following data field(32767 or fewer octets). Note that the value of bit 7 of|
+                // |           |                | octet 4(most significant bit) always will be 0.                                 |
+                // +-----------+----------------+---------------------------------------------------------------------------------+
+                this.Data[i++] = IptcTagMarkerByte;
                 this.Data[i++] = 2;
                 this.Data[i++] = (byte)value.Tag;
                 this.Data[i++] = (byte)(value.Length >> 8);
@@ -264,34 +285,36 @@ private void Initialize()
 
             this.values = new Collection<IptcValue>();
 
-            if (this.Data == null || this.Data[0] != 0x1c)
+            if (this.Data == null || this.Data[0] != IptcTagMarkerByte)
             {
                 return;
             }
 
-            int i = 0;
-            while (i + 4 < this.Data.Length)
+            int offset = 0;
+            while (offset < this.Data.Length - 4)
             {
-                if (this.Data[i++] != 28)
+                bool isValidTagMarker = this.Data[offset++] == IptcTagMarkerByte;
+                byte recordNumber = this.Data[offset++];
+                bool isValidRecordNumber = recordNumber is >= 1 and <= 9;
+                var tag = (IptcTag)this.Data[offset++];
+                bool isValidEntry = isValidTagMarker && isValidRecordNumber;
+
+                uint byteCount = BinaryPrimitives.ReadUInt16BigEndian(this.Data.AsSpan(offset, 2));
+                offset += 2;
+                if (byteCount > MaxStandardDataTagSize)
                 {
-                    continue;
+                    // Extended data set tag's are not supported.
+                    break;
                 }
 
-                i++;
-
-                var tag = (IptcTag)this.Data[i++];
-
-                int count = BinaryPrimitives.ReadInt16BigEndian(this.Data.AsSpan(i, 2));
-                i += 2;
-
-                var iptcData = new byte[count];
-                if ((count > 0) && (i + count <= this.Data.Length))
+                if (isValidEntry && byteCount > 0 && (offset <= this.Data.Length - byteCount))
                 {
-                    Buffer.BlockCopy(this.Data, i, iptcData, 0, count);
+                    var iptcData = new byte[byteCount];
+                    Buffer.BlockCopy(this.Data, offset, iptcData, 0, (int)byteCount);
                     this.values.Add(new IptcValue(tag, iptcData, false));
                 }
 
-                i += count;
+                offset += (int)byteCount;
             }
         }
     }

diff --git a/src/ImageSharp/Metadata/Profiles/IPTC/IptcTagExtensions.cs b/src/ImageSharp/Metadata/Profiles/IPTC/IptcTagExtensions.cs
@@ -13,60 +13,57 @@ public static class IptcTagExtensions
         /// </summary>
         /// <param name="tag">The tag to check the max length for.</param>
         /// <returns>The maximum length.</returns>
-        public static int MaxLength(this IptcTag tag)
+        public static int MaxLength(this IptcTag tag) => tag switch
         {
-            return tag switch
-            {
-                IptcTag.RecordVersion => 2,
-                IptcTag.ObjectType => 67,
-                IptcTag.ObjectAttribute => 68,
-                IptcTag.Name => 64,
-                IptcTag.EditStatus => 64,
-                IptcTag.EditorialUpdate => 2,
-                IptcTag.Urgency => 1,
-                IptcTag.SubjectReference => 236,
-                IptcTag.Category => 3,
-                IptcTag.SupplementalCategories => 32,
-                IptcTag.FixtureIdentifier => 32,
-                IptcTag.Keywords => 64,
-                IptcTag.LocationCode => 3,
-                IptcTag.LocationName => 64,
-                IptcTag.ReleaseDate => 8,
-                IptcTag.ReleaseTime => 11,
-                IptcTag.ExpirationDate => 8,
-                IptcTag.ExpirationTime => 11,
-                IptcTag.SpecialInstructions => 256,
-                IptcTag.ActionAdvised => 2,
-                IptcTag.ReferenceService => 10,
-                IptcTag.ReferenceDate => 8,
-                IptcTag.ReferenceNumber => 8,
-                IptcTag.CreatedDate => 8,
-                IptcTag.CreatedTime => 11,
-                IptcTag.DigitalCreationDate => 8,
-                IptcTag.DigitalCreationTime => 11,
-                IptcTag.OriginatingProgram => 32,
-                IptcTag.ProgramVersion => 10,
-                IptcTag.ObjectCycle => 1,
-                IptcTag.Byline => 32,
-                IptcTag.BylineTitle => 32,
-                IptcTag.City => 32,
-                IptcTag.SubLocation => 32,
-                IptcTag.ProvinceState => 32,
-                IptcTag.CountryCode => 3,
-                IptcTag.Country => 64,
-                IptcTag.OriginalTransmissionReference => 32,
-                IptcTag.Headline => 256,
-                IptcTag.Credit => 32,
-                IptcTag.Source => 32,
-                IptcTag.CopyrightNotice => 128,
-                IptcTag.Contact => 128,
-                IptcTag.Caption => 2000,
-                IptcTag.CaptionWriter => 32,
-                IptcTag.ImageType => 2,
-                IptcTag.ImageOrientation => 1,
-                _ => 256
-            };
-        }
+            IptcTag.RecordVersion => 2,
+            IptcTag.ObjectType => 67,
+            IptcTag.ObjectAttribute => 68,
+            IptcTag.Name => 64,
+            IptcTag.EditStatus => 64,
+            IptcTag.EditorialUpdate => 2,
+            IptcTag.Urgency => 1,
+            IptcTag.SubjectReference => 236,
+            IptcTag.Category => 3,
+            IptcTag.SupplementalCategories => 32,
+            IptcTag.FixtureIdentifier => 32,
+            IptcTag.Keywords => 64,
+            IptcTag.LocationCode => 3,
+            IptcTag.LocationName => 64,
+            IptcTag.ReleaseDate => 8,
+            IptcTag.ReleaseTime => 11,
+            IptcTag.ExpirationDate => 8,
+            IptcTag.ExpirationTime => 11,
+            IptcTag.SpecialInstructions => 256,
+            IptcTag.ActionAdvised => 2,
+            IptcTag.ReferenceService => 10,
+            IptcTag.ReferenceDate => 8,
+            IptcTag.ReferenceNumber => 8,
+            IptcTag.CreatedDate => 8,
+            IptcTag.CreatedTime => 11,
+            IptcTag.DigitalCreationDate => 8,
+            IptcTag.DigitalCreationTime => 11,
+            IptcTag.OriginatingProgram => 32,
+            IptcTag.ProgramVersion => 10,
+            IptcTag.ObjectCycle => 1,
+            IptcTag.Byline => 32,
+            IptcTag.BylineTitle => 32,
+            IptcTag.City => 32,
+            IptcTag.SubLocation => 32,
+            IptcTag.ProvinceState => 32,
+            IptcTag.CountryCode => 3,
+            IptcTag.Country => 64,
+            IptcTag.OriginalTransmissionReference => 32,
+            IptcTag.Headline => 256,
+            IptcTag.Credit => 32,
+            IptcTag.Source => 32,
+            IptcTag.CopyrightNotice => 128,
+            IptcTag.Contact => 128,
+            IptcTag.Caption => 2000,
+            IptcTag.CaptionWriter => 32,
+            IptcTag.ImageType => 2,
+            IptcTag.ImageOrientation => 1,
+            _ => 256
+        };
 
         /// <summary>
         /// Determines if the given tag can be repeated according to the specification.

diff --git a/src/ImageSharp/Metadata/Profiles/IPTC/IptcValue.cs b/src/ImageSharp/Metadata/Profiles/IPTC/IptcValue.cs
@@ -101,7 +101,7 @@ public string Value
                     byte[] valueBytes;
                     if (this.Strict && value.Length > maxLength)
                     {
-                        var cappedValue = value.Substring(0, maxLength);
+                        string cappedValue = value.Substring(0, maxLength);
                         valueBytes = this.encoding.GetBytes(cappedValue);
 
                         // It is still possible that the bytes of the string exceed the limit.

diff --git a/tests/ImageSharp.Tests/Formats/Jpg/JpegDecoderTests.Metadata.cs b/tests/ImageSharp.Tests/Formats/Jpg/JpegDecoderTests.Metadata.cs
@@ -288,5 +288,17 @@ public void Decoder_Reads_Correct_Resolution_From_Exif(bool useIdentify) => Test
                         Assert.Equal(72, imageInfo.Metadata.HorizontalResolution);
                         Assert.Equal(72, imageInfo.Metadata.VerticalResolution);
                     });
+
+        [Theory]
+        [WithFile(TestImages.Jpeg.Issues.InvalidIptcTag, PixelTypes.Rgba32)]
+        public void Decode_WithInvalidIptcTag_DoesNotThrowException<TPixel>(TestImageProvider<TPixel> provider)
+            where TPixel : unmanaged, IPixel<TPixel>
+        {
+            Exception ex = Record.Exception(() =>
+            {
+                using Image<TPixel> image = provider.GetImage(JpegDecoder);
+            });
+            Assert.Null(ex);
+        }
     }
 }
diff --git a/tests/ImageSharp.Tests/TestImages.cs b/tests/ImageSharp.Tests/TestImages.cs
@@ -261,6 +261,7 @@ public static class Issues
                 public const string WrongColorSpace = "Jpg/issues/Issue1732-WrongColorSpace.jpg";
                 public const string MalformedUnsupportedComponentCount = "Jpg/issues/issue-1900-malformed-unsupported-255-components.jpg";
                 public const string MultipleApp01932 = "Jpg/issues/issue-1932-app0-resolution.jpg";
+                public const string InvalidIptcTag = "Jpg/issues/Issue1942InvalidIptcTag.jpg";
 
                 public static class Fuzz
                 {

diff --git a/tests/Images/Input/Jpg/issues/Issue1942InvalidIptcTag.jpg b/tests/Images/Input/Jpg/issues/Issue1942InvalidIptcTag.jpg