#664: Check key size before comparing it.
This commit is contained in:
Andreas Huggel
parent
763b4f7933
commit
e8f8f2c14d
@ -103,7 +103,7 @@ namespace Exiv2 {
|
||||
std::cout << "Exiv2::PngChunk::decodeTXTChunk: TXT chunk data: "
|
||||
<< std::string((const char*)arr.pData_, 32) << "\n";
|
||||
#endif
|
||||
parseChunkContent(pImage, key.pData_, arr);
|
||||
parseChunkContent(pImage, key.pData_, key.size_, arr);
|
||||
|
||||
} // PngChunk::decodeTXTChunk
|
||||
|
||||
@ -111,7 +111,7 @@ namespace Exiv2 {
|
||||
{
|
||||
// From a tEXt, zTXt, or iTXt chunk,
|
||||
// we get the key, it's a null terminated string at the chunk start
|
||||
|
||||
if (data.size_ <= (stripHeader ? 8 : 0)) throw Error(14);
|
||||
const byte *key = data.pData_ + (stripHeader ? 8 : 0);
|
||||
|
||||
// Find null string at end of key.
|
||||
@ -162,7 +162,6 @@ namespace Exiv2 {
|
||||
const byte* text = data.pData_ + keysize + 1;
|
||||
long textsize = data.size_ - keysize - 1;
|
||||
|
||||
arr.alloc(textsize);
|
||||
arr = DataBuf(text, textsize);
|
||||
}
|
||||
else if(type == iTXt_Chunk)
|
||||
@ -228,13 +227,17 @@ namespace Exiv2 {
|
||||
|
||||
} // PngChunk::parsePngChunk
|
||||
|
||||
void PngChunk::parseChunkContent(Image* pImage, const byte *key, const DataBuf arr)
|
||||
void PngChunk::parseChunkContent( Image* pImage,
|
||||
const byte* key,
|
||||
long keySize,
|
||||
const DataBuf arr)
|
||||
{
|
||||
// We look if an ImageMagick EXIF raw profile exist.
|
||||
|
||||
if ( (memcmp("Raw profile type exif", key, 21) == 0 ||
|
||||
memcmp("Raw profile type APP1", key, 21) == 0) &&
|
||||
pImage->exifData().empty())
|
||||
if ( keySize >= 21
|
||||
&& ( memcmp("Raw profile type exif", key, 21) == 0
|
||||
|| memcmp("Raw profile type APP1", key, 21) == 0)
|
||||
&& pImage->exifData().empty())
|
||||
{
|
||||
DataBuf exifData = readRawProfile(arr);
|
||||
long length = exifData.size_;
|
||||
@ -282,7 +285,8 @@ namespace Exiv2 {
|
||||
|
||||
// We look if an ImageMagick IPTC raw profile exist.
|
||||
|
||||
if ( memcmp("Raw profile type iptc", key, 21) == 0
|
||||
if ( keySize >= 21
|
||||
&& memcmp("Raw profile type iptc", key, 21) == 0
|
||||
&& pImage->iptcData().empty()) {
|
||||
DataBuf psData = readRawProfile(arr);
|
||||
if (psData.size_ > 0) {
|
||||
@ -332,8 +336,9 @@ namespace Exiv2 {
|
||||
|
||||
// We look if an ImageMagick XMP raw profile exist.
|
||||
|
||||
if ( memcmp("Raw profile type xmp", key, 20) == 0 &&
|
||||
pImage->xmpData().empty())
|
||||
if ( keySize >= 20
|
||||
&& memcmp("Raw profile type xmp", key, 20) == 0
|
||||
&& pImage->xmpData().empty())
|
||||
{
|
||||
DataBuf xmpBuf = readRawProfile(arr);
|
||||
long length = xmpBuf.size_;
|
||||
@ -362,8 +367,9 @@ namespace Exiv2 {
|
||||
|
||||
// We look if an Adobe XMP string exist.
|
||||
|
||||
if ( memcmp("XML:com.adobe.xmp", key, 17) == 0 &&
|
||||
pImage->xmpData().empty())
|
||||
if ( keySize >= 17
|
||||
&& memcmp("XML:com.adobe.xmp", key, 17) == 0
|
||||
&& pImage->xmpData().empty())
|
||||
{
|
||||
if (arr.size_ > 0)
|
||||
{
|
||||
@ -390,8 +396,9 @@ namespace Exiv2 {
|
||||
// We look if a comments string exist. Note than we use only 'Description' keyword which
|
||||
// is dedicaced to store long comments. 'Comment' keyword is ignored.
|
||||
|
||||
if ( memcmp("Description", key, 11) == 0 &&
|
||||
pImage->comment().empty())
|
||||
if ( keySize >= 11
|
||||
&& memcmp("Description", key, 11) == 0
|
||||
&& pImage->comment().empty())
|
||||
{
|
||||
pImage->comment().assign(reinterpret_cast<char*>(arr.pData_), arr.size_);
|
||||
}
|
||||
|
||||
@ -134,8 +134,9 @@ namespace Exiv2 {
|
||||
Xmp packet generated by Adobe ==> Image Xmp metadata.
|
||||
Description string ==> Image Comments.
|
||||
*/
|
||||
static void parseChunkContent(Image* pImage,
|
||||
static void parseChunkContent( Image* pImage,
|
||||
const byte* key,
|
||||
long keySize,
|
||||
const DataBuf arr);
|
||||
|
||||
/*!
|
||||
|
||||
@ -132,11 +132,7 @@ namespace Exiv2 {
|
||||
if (io_->error()) throw Error(14);
|
||||
if (bufRead != cheaderBuf.size_) throw Error(20);
|
||||
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Next Chunk: " << cheaderBuf.pData_ + 4 << "\n";
|
||||
#endif
|
||||
// Decode chunk data length.
|
||||
|
||||
uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian);
|
||||
if (dataOffset > 0x7FFFFFFF) throw Exiv2::Error(14);
|
||||
|
||||
@ -159,35 +155,35 @@ namespace Exiv2 {
|
||||
{
|
||||
// Last chunk found: we stop parsing.
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found IEND chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found IEND chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
else if (!memcmp(cheaderBuf.pData_ + 4, "IHDR", 4))
|
||||
{
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found IHDR chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found IHDR chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
PngChunk::decodeIHDRChunk(cdataBuf, &pixelWidth_, &pixelHeight_);
|
||||
}
|
||||
else if (!memcmp(cheaderBuf.pData_ + 4, "tEXt", 4))
|
||||
{
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found tEXt chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found tEXt chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
PngChunk::decodeTXTChunk(this, cdataBuf, PngChunk::tEXt_Chunk);
|
||||
}
|
||||
else if (!memcmp(cheaderBuf.pData_ + 4, "zTXt", 4))
|
||||
{
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found zTXt chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found zTXt chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
PngChunk::decodeTXTChunk(this, cdataBuf, PngChunk::zTXt_Chunk);
|
||||
}
|
||||
else if (!memcmp(cheaderBuf.pData_ + 4, "iTXt", 4))
|
||||
{
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found iTXt chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::readMetadata: Found iTXt chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
PngChunk::decodeTXTChunk(this, cdataBuf, PngChunk::iTXt_Chunk);
|
||||
}
|
||||
@ -270,7 +266,7 @@ namespace Exiv2 {
|
||||
{
|
||||
// Last chunk found: we write it and done.
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::doWriteMetadata: Write IEND chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::doWriteMetadata: Write IEND chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21);
|
||||
return;
|
||||
@ -278,7 +274,7 @@ namespace Exiv2 {
|
||||
else if (!memcmp(cheaderBuf.pData_ + 4, "IHDR", 4))
|
||||
{
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::doWriteMetadata: Write IHDR chunk (lenght: " << dataOffset << ")\n";
|
||||
std::cout << "Exiv2::PngImage::doWriteMetadata: Write IHDR chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21);
|
||||
|
||||
@ -362,7 +358,7 @@ namespace Exiv2 {
|
||||
{
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::doWriteMetadata: write " << cheaderBuf.pData_ + 4
|
||||
<< " chunk (lenght: " << dataOffset << ")\n";
|
||||
<< " chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21);
|
||||
}
|
||||
@ -372,7 +368,7 @@ namespace Exiv2 {
|
||||
// Write all others chunk as well.
|
||||
#ifdef DEBUG
|
||||
std::cout << "Exiv2::PngImage::doWriteMetadata: write " << cheaderBuf.pData_ + 4
|
||||
<< " chunk (lenght: " << dataOffset << ")\n";
|
||||
<< " chunk (length: " << dataOffset << ")\n";
|
||||
#endif
|
||||
if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user