Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for issue #1942 #1944

Merged
merged 7 commits into from
Jan 18, 2022
Merged

Fix for issue #1942 #1944

merged 7 commits into from
Jan 18, 2022

Conversation

brianpopow
Copy link
Collaborator

Prerequisites

  • I have written a descriptive pull-request title
  • I have verified that there are no overlapping pull-requests open
  • I have verified that I am following the existing coding patterns and practice as demonstrated in the repository. These follow strict Stylecop rules 👮.
  • I have provided test coverage for my change (where applicable)

Description

The real cause of issue #1942 is, the provided testimage seems to have a invalid IPTC profile. The second IPTC value does not start with the expected 0x1c tag marker, its 0 instead.

This PR will skips this tag and ignores IPCT's Extended DataSet feature tags.

@brianpopow brianpopow linked an issue Jan 17, 2022 that may be closed by this pull request
Overflow exception related to IptcProfile #1942
Closed
4 tasks
JimBobSquarePants
JimBobSquarePants reviewed Jan 17, 2022
View reviewed changes
src/ImageSharp/Metadata/Profiles/IPTC/IptcProfile.cs Outdated
{
if (this.Data[i++] != 28)
bool isValidTagMarker = this.Data[offset++] == IptcTagMarkerByte;
byte recordType = this.Data[offset++];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see recordType is unused but I'm struggling to correlate this with the spec. Got any pointers.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

section 1.5 iii:

Octet 2 is the binary representation of the record number. Note that the
envelope record number is always 1, and that the application records are
numbered 2 through 6, the pre-object descriptor record is 7, the object record
is 8, and the post-object descriptor record is 9.

I was not sure what to do with this info. Maybe it would be wise to consider the value invalid if its not in the range of 1 to 9.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it would be wise to consider the value invalid if its not in the range of 1 to 9.

Probably wise.

JimBobSquarePants
JimBobSquarePants reviewed Jan 17, 2022
View reviewed changes
src/ImageSharp/Metadata/Profiles/IPTC/IptcProfile.cs
@@ -242,7 +246,7 @@ public void UpdateData()
int i = 0;
foreach (IptcValue value in this.Values)
{
this.Data[i++] = 28;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder whether we should add a little ascii table just indicating what the dataset tags look like?

gfoidl
gfoidl reviewed Jan 17, 2022
View reviewed changes
src/ImageSharp/Metadata/Profiles/IPTC/IptcProfile.cs Outdated

var iptcData = new byte[count];
if ((count > 0) && (i + count <= this.Data.Length))
if (isValidTagMarker && byteCount > 0 && (offset + byteCount <= this.Data.Length))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (isValidTagMarker && byteCount > 0 && (offset + byteCount <= this.Data.Length))
if (isValidTagMarker && byteCount > 0 && (offset <= this.Data.Length - byteCount))

To prevent potential overflow. I see that this won't happen in practice, but I got conditioned to be paranoid about these cases (to be safe against malicious code, etc.).

src/ImageSharp/Metadata/Profiles/IPTC/IptcProfile.cs Outdated Show resolved Hide resolved
JimBobSquarePants
JimBobSquarePants approved these changes Jan 18, 2022
View reviewed changes
Copy link
Member

@JimBobSquarePants JimBobSquarePants left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lovely stuff @brianpopow thanks for working on this.

Also thanks @gfoidl for the reviews.

@JimBobSquarePants JimBobSquarePants added this to the 2.0.0 milestone Jan 18, 2022
@JimBobSquarePants JimBobSquarePants merged commit fe95bb5 into master Jan 18, 2022
@JimBobSquarePants JimBobSquarePants deleted the bp/issue1942 branch January 18, 2022 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gfoidl gfoidl gfoidl left review comments

@JimBobSquarePants JimBobSquarePants JimBobSquarePants approved these changes

Assignees
No one assigned
Labels
bug metadata:iptc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Overflow exception related to IptcProfile
3 participants
@brianpopow @JimBobSquarePants @gfoidl