Add regression test for CVE-2017-18005

7 years ago · 59b148aee9
parent d21e794239
commit 59b148aee9
2 changed files with 54 additions and 0 deletions
--- a/test/data/cve_2017_18005_reproducer.tiff
+++ b/test/data/cve_2017_18005_reproducer.tiff
--- a/tests/bugfixes/github/test_CVE_2017_18005.py
+++ b/tests/bugfixes/github/test_CVE_2017_18005.py
@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+
+import system_tests
+
+
+class TestPoC(system_tests.Case):
+
+    url = "https://github.com/Exiv2/exiv2/issues/168"
+
+    stderr_common = """Error: Directory Image: IFD exceeds data buffer, cannot read next pointer.
+Error: Offset of directory Image, entry 0x0117 is out of bounds: Offset = 0x30303030; truncating the entry
+""" + 12 * """Error: Offset of directory Image, entry 0x3030 is out of bounds: Offset = 0x30303030; truncating the entry
+"""
+
+    filename = "{data_path}/cve_2017_18005_reproducer.tiff"
+
+    commands = [
+        "{exiv2} -v pr -P EIXxgklnycsvth " + filename,
+        "{exiv2json} " + filename
+    ]
+
+    stdout = ["""File 1/1: """ + filename + """
+0x0117 Image        Exif.Image.StripByteCounts                   StripByteCounts             Strip Byte Count               SByte       0   0  
+
+""",
+    """{{
+	"Exif": {{
+		"Image": {{
+			"StripByteCounts": 0,
+			"0x3030": 0,
+			"0x3030": "",
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0,
+			"0x3030": 0
+		}}
+	}}
+}}
+"""
+    ]
+    stderr = [
+        stderr_common + filename + """: No IPTC data found in the file
+""" + filename + """: No XMP data found in the file
+""",
+        stderr_common
+    ]
+    retval = [0, 0]