diff --git a/src/pngchunk.cpp b/src/pngchunk.cpp index c676c276..744605ac 100644 --- a/src/pngchunk.cpp +++ b/src/pngchunk.cpp @@ -103,7 +103,7 @@ namespace Exiv2 { std::cout << "Exiv2::PngChunk::decodeTXTChunk: TXT chunk data: " << std::string((const char*)arr.pData_, 32) << "\n"; #endif - parseChunkContent(pImage, key.pData_, arr); + parseChunkContent(pImage, key.pData_, key.size_, arr); } // PngChunk::decodeTXTChunk @@ -111,7 +111,7 @@ namespace Exiv2 { { // From a tEXt, zTXt, or iTXt chunk, // we get the key, it's a null terminated string at the chunk start - + if (data.size_ <= (stripHeader ? 8 : 0)) throw Error(14); const byte *key = data.pData_ + (stripHeader ? 8 : 0); // Find null string at end of key. @@ -162,7 +162,6 @@ namespace Exiv2 { const byte* text = data.pData_ + keysize + 1; long textsize = data.size_ - keysize - 1; - arr.alloc(textsize); arr = DataBuf(text, textsize); } else if(type == iTXt_Chunk) @@ -228,13 +227,17 @@ namespace Exiv2 { } // PngChunk::parsePngChunk - void PngChunk::parseChunkContent(Image* pImage, const byte *key, const DataBuf arr) + void PngChunk::parseChunkContent( Image* pImage, + const byte* key, + long keySize, + const DataBuf arr) { // We look if an ImageMagick EXIF raw profile exist. - if ( (memcmp("Raw profile type exif", key, 21) == 0 || - memcmp("Raw profile type APP1", key, 21) == 0) && - pImage->exifData().empty()) + if ( keySize >= 21 + && ( memcmp("Raw profile type exif", key, 21) == 0 + || memcmp("Raw profile type APP1", key, 21) == 0) + && pImage->exifData().empty()) { DataBuf exifData = readRawProfile(arr); long length = exifData.size_; @@ -282,7 +285,8 @@ namespace Exiv2 { // We look if an ImageMagick IPTC raw profile exist. - if ( memcmp("Raw profile type iptc", key, 21) == 0 + if ( keySize >= 21 + && memcmp("Raw profile type iptc", key, 21) == 0 && pImage->iptcData().empty()) { DataBuf psData = readRawProfile(arr); if (psData.size_ > 0) { 
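Review bot: The DEBUG print kept as context just above the changed call in the @@ -103 hunk builds `std::string((const char*)arr.pData_, 32)`, which reads 32 bytes no matter how small `arr` is. A short text chunk would make a debug build read past the buffer, the same class of over-read this commit closes for `key`. Clamp the length, e.g. `std::string((const char*)arr.pData_, std::min<long>(arr.size_, 32))`. decodeTXTChunk starts outside the hunk, so whether `arr` is size-checked earlier is not visible here.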
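Review bot: The new guard in the @@ -111 hunk proves only that one byte exists at `key`; the terminator search announced by the `// Find null string at end of key.` comment lies outside the hunk and needs its own bound. With `stripHeader` set, `key` starts 8 bytes into the buffer, so that search should stop after `data.size_ - 8` bytes rather than `data.size_`; this is worth confirming, since the loop is not visible here. Naming the offset once keeps the guard, the pointer and that bound in step: `const long offset = stripHeader ? 8 : 0;` then `if (data.size_ <= offset) throw Error(14);` and `const byte *key = data.pData_ + offset;`.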
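Review bot: Each keyword test in parseChunkContent now spells the prefix length twice (`keySize >= 21` and `memcmp(..., 21)`) next to a string literal whose length has to be counted by hand, starting in the @@ -228 hunk and repeated in @@ -282, @@ -332, @@ -362 and @@ -390. A miscount in either number silently reopens the over-read or makes the test never match. A small file-local helper that derives the length from the literal removes both numbers; a call site then reads `if (keyStartsWith(key, keySize, "Raw profile type iptc") && pImage->iptcData().empty())`. The helper name is only a suggestion, and the function body continues outside these hunks.

```cpp
// True when the first bytes of key equal prefix; never reads past keySize.
static bool keyStartsWith(const byte* key, long keySize, const char* prefix)
{
    const long prefixLen = static_cast<long>(strlen(prefix));
    return keySize >= prefixLen && memcmp(prefix, key, prefixLen) == 0;
}
```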
@@ -332,8 +336,9 @@ namespace Exiv2 { // We look if an ImageMagick XMP raw profile exist. - if ( memcmp("Raw profile type xmp", key, 20) == 0 && - pImage->xmpData().empty()) + if ( keySize >= 20 + && memcmp("Raw profile type xmp", key, 20) == 0 + && pImage->xmpData().empty()) { DataBuf xmpBuf = readRawProfile(arr); long length = xmpBuf.size_; @@ -362,8 +367,9 @@ namespace Exiv2 { // We look if an Adobe XMP string exist. - if ( memcmp("XML:com.adobe.xmp", key, 17) == 0 && - pImage->xmpData().empty()) + if ( keySize >= 17 + && memcmp("XML:com.adobe.xmp", key, 17) == 0 + && pImage->xmpData().empty()) { if (arr.size_ > 0) { @@ -390,8 +396,9 @@ namespace Exiv2 { // We look if a comments string exist. Note than we use only 'Description' keyword which // is dedicaced to store long comments. 'Comment' keyword is ignored. - if ( memcmp("Description", key, 11) == 0 && - pImage->comment().empty()) + if ( keySize >= 11 + && memcmp("Description", key, 11) == 0 + && pImage->comment().empty()) { pImage->comment().assign(reinterpret_cast(arr.pData_), arr.size_); } diff --git a/src/pngchunk_int.hpp b/src/pngchunk_int.hpp index 90c77da3..f1fb8c37 100644 --- a/src/pngchunk_int.hpp +++ b/src/pngchunk_int.hpp @@ -134,8 +134,9 @@ namespace Exiv2 { Xmp packet generated by Adobe ==> Image Xmp metadata. Description string ==> Image Comments. */ - static void parseChunkContent(Image* pImage, + static void parseChunkContent( Image* pImage, const byte* key, + long keySize, const DataBuf arr); /*! diff --git a/src/pngimage.cpp b/src/pngimage.cpp index 0dfd7f09..e56a5f5d 100644 --- a/src/pngimage.cpp +++ b/src/pngimage.cpp 
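Review bot: The declaration in the @@ -134 hunk of pngchunk_int.hpp gains `keySize`, but the doc comment above it, as far as the hunk shows, does not say what the parameter means. Callers need to know that the visible tests read at most `keySize` bytes from `key` and do not rely on a terminator. I would add `@param keySize Number of valid bytes at key; key need not be null terminated.` to that comment, adapting the tag style to the rest of it, which starts outside the hunk.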
@@ -132,11 +132,7 @@ namespace Exiv2 { if (io_->error()) throw Error(14); if (bufRead != cheaderBuf.size_) throw Error(20); -#ifdef DEBUG - std::cout << "Exiv2::PngImage::readMetadata: Next Chunk: " << cheaderBuf.pData_ + 4 << "\n"; -#endif // Decode chunk data length. - uint32_t dataOffset = Exiv2::getULong(cheaderBuf.pData_, Exiv2::bigEndian); if (dataOffset > 0x7FFFFFFF) throw Exiv2::Error(14); 
@@ -159,35 +155,35 @@ namespace Exiv2 { { // Last chunk found: we stop parsing. #ifdef DEBUG - std::cout << "Exiv2::PngImage::readMetadata: Found IEND chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::readMetadata: Found IEND chunk (length: " << dataOffset << ")\n"; #endif return; } else if (!memcmp(cheaderBuf.pData_ + 4, "IHDR", 4)) { #ifdef DEBUG - std::cout << "Exiv2::PngImage::readMetadata: Found IHDR chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::readMetadata: Found IHDR chunk (length: " << dataOffset << ")\n"; #endif PngChunk::decodeIHDRChunk(cdataBuf, &pixelWidth_, &pixelHeight_); } else if (!memcmp(cheaderBuf.pData_ + 4, "tEXt", 4)) { #ifdef DEBUG - std::cout << "Exiv2::PngImage::readMetadata: Found tEXt chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::readMetadata: Found tEXt chunk (length: " << dataOffset << ")\n"; #endif PngChunk::decodeTXTChunk(this, cdataBuf, PngChunk::tEXt_Chunk); } else if (!memcmp(cheaderBuf.pData_ + 4, "zTXt", 4)) { #ifdef DEBUG - std::cout << "Exiv2::PngImage::readMetadata: Found zTXt chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::readMetadata: Found zTXt chunk (length: " << dataOffset << ")\n"; #endif PngChunk::decodeTXTChunk(this, cdataBuf, PngChunk::zTXt_Chunk); } else if (!memcmp(cheaderBuf.pData_ + 4, "iTXt", 4)) { #ifdef DEBUG - std::cout << "Exiv2::PngImage::readMetadata: Found iTXt chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::readMetadata: Found iTXt chunk (length: " << dataOffset << ")\n"; #endif PngChunk::decodeTXTChunk(this, cdataBuf, PngChunk::iTXt_Chunk); } 
@@ -270,7 +266,7 @@ namespace Exiv2 { { // Last chunk found: we write it and done. #ifdef DEBUG - std::cout << "Exiv2::PngImage::doWriteMetadata: Write IEND chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::doWriteMetadata: Write IEND chunk (length: " << dataOffset << ")\n"; #endif if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21); return; @@ -278,7 +274,7 @@ namespace Exiv2 { else if (!memcmp(cheaderBuf.pData_ + 4, "IHDR", 4)) { #ifdef DEBUG - std::cout << "Exiv2::PngImage::doWriteMetadata: Write IHDR chunk (lenght: " << dataOffset << ")\n"; + std::cout << "Exiv2::PngImage::doWriteMetadata: Write IHDR chunk (length: " << dataOffset << ")\n"; #endif if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21); @@ -362,7 +358,7 @@ namespace Exiv2 { { #ifdef DEBUG std::cout << "Exiv2::PngImage::doWriteMetadata: write " << cheaderBuf.pData_ + 4 - << " chunk (lenght: " << dataOffset << ")\n"; + << " chunk (length: " << dataOffset << ")\n"; #endif if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21); } @@ -372,7 +368,7 @@ namespace Exiv2 { // Write all others chunk as well. #ifdef DEBUG std::cout << "Exiv2::PngImage::doWriteMetadata: write " << cheaderBuf.pData_ + 4 - << " chunk (lenght: " << dataOffset << ")\n"; + << " chunk (length: " << dataOffset << ")\n"; #endif if (outIo.write(chunkBuf.pData_, chunkBuf.size_) != chunkBuf.size_) throw Error(21);
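Review bot: The DEBUG prints in the @@ -362 and @@ -372 hunks still stream `cheaderBuf.pData_ + 4` straight into `std::cout`; only the spelling of the message changes. If `byte` is a character type, the stream treats that pointer as a C string and keeps reading until it meets a zero byte, while the chunk type compared elsewhere with `memcmp(..., 4)` is four bytes with no terminator in sight. This commit deletes the equivalent print from readMetadata in the @@ -132 hunk, so the two remaining ones look like an oversight. Print exactly four bytes instead: `<< std::string(reinterpret_cast<const char*>(cheaderBuf.pData_) + 4, 4)`.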