From 7798ae25574425271305fffe85de77bec8df03f1 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Wed, 15 May 2019 10:12:02 +0100 Subject: [PATCH] Throw an exception if the data location is invalid. (#842) --- src/crwimage_int.cpp | 7 +++---- src/crwimage_int.hpp | 1 - test/data/issue_841_poc.crw | Bin 0 -> 10078 bytes tests/bugfixes/github/test_issue_841.py | 22 ++++++++++++++++++++++ 4 files changed, 25 insertions(+), 5 deletions(-) create mode 100644 test/data/issue_841_poc.crw create mode 100644 tests/bugfixes/github/test_issue_841.py diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp index 4080c078..58f1f467 100644 --- a/src/crwimage_int.cpp +++ b/src/crwimage_int.cpp @@ -570,12 +570,11 @@ namespace Exiv2 { DataLocId CiffComponent::dataLocation(uint16_t tag) { - DataLocId di = invalidDataLocId; switch (tag & 0xc000) { - case 0x0000: di = valueData; break; - case 0x4000: di = directoryData; break; + case 0x0000: return valueData; + case 0x4000: return directoryData; + default: throw Error(kerCorruptedMetadata); } - return di; } // CiffComponent::dataLocation /*! diff --git a/src/crwimage_int.hpp b/src/crwimage_int.hpp index 3e45bb73..84997d29 100644 --- a/src/crwimage_int.hpp +++ b/src/crwimage_int.hpp @@ -74,7 +74,6 @@ namespace Exiv2 { //! Type to identify where the data is stored in a directory enum DataLocId { - invalidDataLocId, valueData, directoryData, lastDataLocId diff --git a/test/data/issue_841_poc.crw b/test/data/issue_841_poc.crw new file mode 100644 index 0000000000000000000000000000000000000000..75e04b1800eaebf1bcd3a5135820b5120eeca5af GIT binary patch literal 10078 zcmd^kby!v3((u|Rh(mV>2uPQ7iiC7`3X;;OAR=H;A|N1*qNpI9f`o{HNC~2XbQzSO zfFOtpoc--{jNgstz3=_L@BZ^X@65B;nb|95X02JX)}EuU&kg|4)7CIMbV$nrA^!k8 z3QvGoKu$tJMuH_LBPGL;lT%PJ(@;@TQgJXa(K7RJ?&Ia*;NHt8EGxz*C?&|XS6o$G zN?t)(S(#TvP3xedri_A;JVZ`TPKl#rq@-k|!QpT;?CdxkJG&`60ZjiLfLj3_88{7Y zp&=fCqJz+M5Zn$G003bjBK+1ELZLBO5>hg990e^vL1;7zgT`Vp7^LM{qz+){u=G4q z8YB$nuB5yt7^S1q^2zpT);?jf=>NwFWnZX=QC=YiIA^?%{dV%iG5{_+-eb(9>bzF|iloF2*M$re|bkW#?SEnp<$Yu&B7C zw5+`DZhb>z)4k^VZBN@fI=i}`^$ffo92y=O9UFi5er9%Ve&NI7(%Sl$jm@uH-@gBV z0Q#pnNcq#Ezp;l7u?L00pfRKbdmvOO@}TK3SRN@7dJS_@*Aoo9(otlLnrZp9PssPl zSbS!33+l%)^U1#BUn7`AwCLY6DEj}&qCW=xu?HRplxPT9Ff<)d1Nn^T@p^IY@wc-s zw&Dre*IMLnIEL->e6DpPV$EDODCVVF@_x;$dqhJ?u4rtiWwE%ickcxYY@|iHdfb!`5U`|H*ey1yMx$4fIRLVPVI;xN&zaKp^ILt1fLt`)-vt@F%CSq{o z+l=YDZ(G4v!7rt?@t+^1oL4@qu+_(N=^}np@a3{PG^v71PFN|(YE7ECZ%KA!kRiSl8wT>84KFW|1>#5r} za_hWQ%Z&JW{E{;FN5A zqV7CUD|9+C*)Y|fg1*6W0MZ-~-wfYpTVdE(`Qg~IOH&M4%<@TKuBM|+8Ns`O97YgJW8jY6V2n&oqxpQf=PFap z_yV2Q!_Uu27cG^7Dt0?Gf>k&}iYmjk6AOf>!*gE@N*LUhX=3Wmab5_w(UnN!JZ44l zGL7xoR`meI=}*g=r68@3{zFvgisuonEirScjF01$c0MP@+EA1?K80uK8=6>;9QR$> zZRCBVVwJcMn3>I&G@PcH-F4{QO{(@2s*^lLf(Me8tM6{BGF)+`OBt=+ws%}T@Jyv; zx9eJ!ULme87xy~sta}Fjo9sq&{ANJOo5TyUJ;(j>j~>w9(o_BM+AU2W>3~0*Y519* zuS*;$lT!>si9T_qQNzQw%E{eLcasZKH(R%F501F{y_4@>X7=((%k+$f0eNYjlCgYa zLXnaV)sZl^`#190(b*ifoMlTi;dm>px7Tfzb^YXI>n|BMTJNI_6C7^D%+Ceo(S-My zS`2)U+9%cb(x8E_{8Gxs`}-++z4ukVm@S4IE;&@X2(RA`c=2?DsbAmOuzS8rRQtw- z0GB%@*@;Zr25v(4jiJVljG1hqfsr;Rbe5?H0tS}Z{ai>UlWGoqv*>aOK#K}lfAaaX^NRoW zk)w`DX`0tbs5UCX1ujc8ouAb@RggTOzuS+O8=?uH_M#jS^^4%T2C*d*+av_~7KDg#h*xlY!wbeNV=bT82CI>XCgZBz|rxCj!esD<}4NpYMYggD`;Z zzF;y1ZgoYEO=bKfNvCre_WQ6Kzi0}sga81XocQ_37 zcyT9Mo*4-6R}|G2e3&Hc#)grHmUMkrP8wFJnY@}2S}T~D=bpVA@gw)+Q@M(qF$a#* z@r@(<$7N4$_n!}WARumiTI}E#7;HYyI~b3mfYT@}*tC1Q%JOEyPzZmCHmUU0mF z%t8knW>Zoy?dZ2&SZcKXEM0d`!m8bfanZ-x2IlJR4OK2D9@%3Qel_24o>uyzqqRTH`_1y~CY|{)fmWV46BU~c5rIjY za+Tiay>$AWbQ#|Y@m$>tXZSvxZ1LJV)e$0oobrrq`o?*gv6Sxa!Tnl%LP|&9;+&-3 zr3YjHQ%mdDuZ}eZafS>V_Bz_}Nqw)%NU0<>U$#FekvVFwRXS0a*X}Fxdb&7w$Nt#5 zKvTT2n+_Oz!h1E}=k*eM*Vy|PuM}iXncrxrbeouSGV+z%(^RLbyvL)VQ7_fi{J1b? zPn~+}ir=t7?`!v-z?I$hqf(KiMnitvtO5^HjwTysy-n*b^PLlP4Pj00OnMR~75vRs z@PHS|gXeDbuh&&6_ieF%dOqg#;r z9q-@g$#2aKaa@cI$%ymcMlwF zYI5e!o{OX{a|wG9HnZ5_XEJ;)N~N)?VN*q=h3uNg?3pEL(aR%M^MfIx+QL~0z0Aw@ zI=!=g=kE;yX#82$wTu_olg?!I!i;y*k{4>4zW0T=W-XlSo^O8~I+W*?){?V0YMCg^ zV*+hd&#$g4ib*ZU&bB|`@RBpo7FE8zJKL>RB>Mw=kn|9G6LL?@U|!D9((8EtW23y1 zL0bW7mc;aJmAupT<0h(Kr6f+v<*3Z9IR~lOx8zSq_ zC1b@-3TG#eow1j!2Yrke`##t3@xQg_oj&)uTrzAm0Ecvy-eNK7&@Hl0g*{YJ@aIMd6 z@0J{|p#i%)9OpvPw-N_jf{e)qelYuQOyn7SRpd>+bMA}#1*S#iqt_d47BL0~&EI?< zIZL+Q@u>1`m4ugPovd*MSMtO|E&szb4;X*MIFyZcv>y@d;m^I4FlexM-NN7=q!&3%_ObsR|V{~ZM=Wc7h{7? zOYsxdF?8+-7WNLsvkviQGcY76L(wXUA1m)DZPw^qZ(b}JS~+fV;BM2T{XSI~IJj%> zX)ZTu9ctf}47|;I?+x3>)6MvSaIUSHF*O=P_28hgSTJJnHL%r%<&lw%>rLFeV!N-uF5&Cj~Y+=+N4iIn~= zPp;{PkEeblh0>8%6;j7~Fe!Cc-N7#%KkvEt!QIiO@P3scMd@rv8U2oeWyi^&D_@v- z@1ysHo_AR9J9mD6XKu=uUOlpx#n|8xXTl-VJN=!mw?g_wxspX#$+PkTE=Q&XN6RKd z#)V-8^j*OZqRRHGHAnn~%=W%NCt97tWpOqqIK7cq(q`(bTzvo?Z<@yywz(If3fez# zAJ{#d>q>Y0hAzl4d44%?buc*etX?67LLcL$meIlU-XikPA1C{!Wel!s-Jr4jZdIT+ zdgj*1iwKcC|I4?(-r3}w3tUW0u6k*dI3Vd^P(W*+v2&zIS0Gg&RVpi|3DubB-DA=0 zZrV?`>SngmVdA*xbT)5!`TF-edHI{@)bqF;fuiDM7P1n~5TpKkYt-enfm2)&?@r|2 z)LZk|8d>z%cQP;PpsRmrYt@YXL%fchP+@g)`(U8uis6DD^&XeEHhbewZaf+sSn?7L z>OmK9-CK05FRpyfc%5^2rfNfx1GUsnU3f$Eprf7h=7UTwhmDtVlD9D%nt47A%{-0c zk3*Tly9`2~Dvmzd9L-7*SP9S#tnI4R!SbbcKHZ~pFe`$gSu;SHL}$nmO$~wO?5anfmJE8P5{lk)a2adAi+^=GZ+0KAqJCEyA5e1`7V4>Z zH8#AlSXIm-zy9Ey*N?s=^*+~YO6Okj(?6T{TJ_3Zy0H8qh`HJs@3EfTejy^N(|10r z_`z}7x5*DfL#kYA_~%~rRAsUiVN+Yr>`a9*d2L-9%2}_zv=p@H%65G-m8Px0ZMSe& z_>yMjOGyqzIRl>suDGZV=ixE%mJEPW5`v#asu4B#0>D6ob(r;v3N#(x0RJ z?=2y~Xh*Q#C$O!R@T=$J<;{)cX?y~GPWl`RxFoEdHREzz?F6PtR!GmD{l=&>G%W%gt`WKa@%+Y1rt=0l8}-FAmWx&$hc?h zpeP1V*d6w+JCp}W+i;k9AQDCHl0j5@)|MJTgDJU;;*Vb3NF5r`{^4KK#Yl%E`uNBCPvGUf<4i%@^yzrKwjO@06~fI@zeEE*9AxhVqwD@TP; zbch~E@=6i{FaqVM8NdzPK`T=87r-z;b^~EQAng(Nrv(?mga0G1QOgRvuH#qwYTG1X)rkx~pZ zf_Y3PhM~u}kYpk4=rO*yyGZ$ad}(wk8el6hzvUc6Uqnw~K4Vl7x$iMwerXIa)aW7f zHl_}vj?9zVpE)J0a}q2C%flCUb>Y)6!5da#Etmty!-rs9nBWbjKm$&NIDiZC21Z&q z0#(=yoeIUnE-;}#0CxC`yM&$qRO0RMggyWa<16tPqId0shw)g%uK>t|_rWAY?`uG4 zQslD`fEK6$8G{g5&Co4~Hxb5D`!n8cyxOnvI`FsujMwphHQxV^eI>gj_`mQ26b0*} ze`D>gKAIk%gfGU6|C=%cLch=h=m5q)oDfg|IAkrbfD3uA0|@K# z8`JTMpc-07F(N@i9hwIu;2x|GucI6w1^mk$C*TfIpmEqF>^?+tDMW>F+Sx4O|eZjTjyDOVki3hrjIN$R#P(C`jmdnKIck z=|-tP<1*=P(L_?lAfq+zhTsEW7w9!A0`s?YI64#7gdQO?aRp+BE4Ss)Hn0Zt7>RPL z(0+JiyA5>%)`9LLF{2ftge7+Vk)K3;gQ=l)kPD7N^f2wtKk}d86~tQs5&>xe2Z2C< z3_%p21nclRObw_3GY}!p^j;(x;snfzh{S*34^I6-1)xMkeV~ub{Lh_)Bd*EMF}LAu zSQLo;K^XcA4Z&Zih<*d}KyQ(VodGKTkvyvJc&n6#&S8Rbmh=a6zI!HFE0RBDss~yjvtL7(602iB3zWs@UcH zo_5Ceb9Sf*t?RKSGuRE)4b`=neH!P>ze`5FbTlCYN%J-pRE!-N`3gFy@Z{*M+T_f0 z2KL)WK8Y>LQ4jH)$*zz(Y_*wuHN<1`W2)b9nXk?0G)G(FI~NvLv(2(P(@LroQF(sT z-1aB#s?CmxvE6m4X%QlPc>j2kOg4S8_IZ;i79B}E&qACsX}^lk8-iM zDwLhqIDDP*t92%5^}4dM?};$n`cxhh5Y%iQP}$4Qx>jfrAFSP7Y9-US^Dvi(YV4~GVU6{u$&xlYsk7rgM)S_3=_tkzl z-Bxe!YrIM;8BiIphaxNDqlm44D7TkMVMI4wFr(;k;Yg2SJ9UnjI{Auzk0b-`tDc4r zhpZ}#xfmy;-(Ps1sNch!;VF-$_0Nnbq#Lohw$c~km^KvNc%VJO=!CvQm2*#ibaW1O zPfpxJX?ND|x8|P+STnrK>ThVb|v)qpExqXCQ{;#!XkGXEE1VDKoYVVgk4vU za8!u5mjB`>f7K8C;sHt>Srv6;1mquV;+zrY(R<@ZfZz<}jNe?5;jX z`I_A{ze}RZc_>c%#H;QTdbg~eGPTp2EDefWJ)1k@VqxUgvj>e6UQ)m*WMJ##^clj; zZ)}dpIDWEPM!S)UXJ>yT5I~i08b4@ zS@N{y@j=N>J@%n|v7r#zJ)S3f)?!##lp_mH^<|1EsJ+RJ4}Qyem|f7xn5~x5cWBH- zZB#3uG5u3Ss%1ih$#4>G?3S&ImC0G(*p+@m{=VWS)T>ZWrWFUeV*aumTRS(KEsXlh zMdoc!0j3f8i4?=6{)x+?RU%(pg&y@R7P-yrwa7T^)*@W|Jo@!<5x!pa*&_4s^p$R{ z!s_Va=RB)+(huF@w(i#*5kV^(`|s^+xR%wXzoyfdsfE3mOqsDX6j5|;wM=Mm!G^WO zowp}Z#dE|+FKMvXFP}<&Nyy-^A%AS{=89rS-5oXCCK&ie$`5F$?Z(jum`S!KBo?i> zQj3(NiuB(q9I`JVomQx#KO2%bXno+iwTfJ+Qlz^A?je1I@{08J;VRdwWSyfTbv6l@ zhA#i|is0)}H%C<{;=C*Uutq^(3cT#+|j z=KG||y5+%p@x+IV#_qna#|?vpi$6{{av3Y{MpHlJL@7^3OENysNOuao=9E+*Y<$Ig zczieaY<%U{s)O&jBdJQs_RvPB)oYj1F?*{p6U3L|(KuzEBKUK** zal+oISlmgcVgFf=wv<6hCO4i;mLM}`F{=vKiXp*5S(DN21nuK~s~6e833|C*{Yik8ebimgxG+EN z$;^U|dsZB7PkgS->Q#5=gB`cP8lIph{k7iW{FJd4O<9#jjXn*|F;Cf6Y|UTY4zX_R zxIX+ijcLp~+vQ{0MNQ{fHfy>DCuY~|n(Tuy6Gm%`-fi}tOl=;QPd$*M&ZSyGHMrdx z>0p|vk>|ayVvAO+AEyP}L4HLBAxDY#{Zxz_8V6RlDewO$9}M9Bg}gwIyp@D-f)j3` zFj)f$A2~G;ByS*GS&2Z1>jXd{p+ES5DDusLM6}405EMy#4Q!Ek2Z;AsJd6Xs^CW~i z?5Vp2ZILo&mTRwYpKW67(XpWhQ3Kgb<2_Na-OI zmW-gKH$tH$2{OGA4kP4%P^S@!RHzQ21`vuuauSgri->k%BAg3k+?t4<1i(ptK;95I I5kUa{4?@}gH2?qr literal 0 HcmV?d00001 diff --git a/tests/bugfixes/github/test_issue_841.py b/tests/bugfixes/github/test_issue_841.py new file mode 100644 index 00000000..14ba1430 --- /dev/null +++ b/tests/bugfixes/github/test_issue_841.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- + +from system_tests import CaseMeta, path, check_no_ASAN_UBSAN_errors + + +class InvalidDataLocationInCiffComponentDoRead(metaclass=CaseMeta): + """ + Regression test for the bug described in: + https://github.com/Exiv2/exiv2/issues/841 + + An invalid data location causes an assertion failure. + """ + url = "https://github.com/Exiv2/exiv2/issues/841" + + filename = path("$data_path/issue_841_poc.crw") + commands = ["$exiv2 $filename"] + stdout = [""] + stderr = [ + """$exiv2_exception_message $filename: +$kerCorruptedMetadata +"""] + retval = [1]