-
-
Notifications
You must be signed in to change notification settings - Fork 851
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for issue #1942 #1944
Fix for issue #1942 #1944
Conversation
{ | ||
if (this.Data[i++] != 28) | ||
bool isValidTagMarker = this.Data[offset++] == IptcTagMarkerByte; | ||
byte recordType = this.Data[offset++]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see recordType
is unused but I'm struggling to correlate this with the spec. Got any pointers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
section 1.5 iii:
Octet 2 is the binary representation of the record number. Note that the
envelope record number is always 1, and that the application records are
numbered 2 through 6, the pre-object descriptor record is 7, the object record
is 8, and the post-object descriptor record is 9.
I was not sure what to do with this info. Maybe it would be wise to consider the value invalid if its not in the range of 1 to 9.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it would be wise to consider the value invalid if its not in the range of 1 to 9.
Probably wise.
@@ -242,7 +246,7 @@ public void UpdateData() | |||
int i = 0; | |||
foreach (IptcValue value in this.Values) | |||
{ | |||
this.Data[i++] = 28; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder whether we should add a little ascii table just indicating what the dataset tags look like?
|
||
var iptcData = new byte[count]; | ||
if ((count > 0) && (i + count <= this.Data.Length)) | ||
if (isValidTagMarker && byteCount > 0 && (offset + byteCount <= this.Data.Length)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (isValidTagMarker && byteCount > 0 && (offset + byteCount <= this.Data.Length)) | |
if (isValidTagMarker && byteCount > 0 && (offset <= this.Data.Length - byteCount)) |
To prevent potential overflow. I see that this won't happen in practice, but I got conditioned to be paranoid about these cases (to be safe against malicious code, etc.).
Co-authored-by: Günther Foidl <gue@korporal.at>
Change condition to (offset <= this.Data.Length - byteCount)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lovely stuff @brianpopow thanks for working on this.
Also thanks @gfoidl for the reviews.
Prerequisites
Description
The real cause of issue #1942 is, the provided testimage seems to have a invalid IPTC profile. The second IPTC value does not start with the expected 0x1c tag marker, its 0 instead.
This PR will skips this tag and ignores IPCT's Extended DataSet feature tags.