From 78642f786a35c79a4eeca695fc0f2b7c4e012ec1 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Sat, 7 Oct 2023 21:18:58 +0100 Subject: [PATCH] Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r --- test/data/issue_ghsa_hrw9_ggg3_3r4r_poc.jpg | Bin 0 -> 65577 bytes .../github/test_issue_ghsa_hrw9_ggg3_3r4r.py | 19 ++++++++++++++++++ .../test_regression_allfiles.py | 1 + 3 files changed, 20 insertions(+) create mode 100644 test/data/issue_ghsa_hrw9_ggg3_3r4r_poc.jpg create mode 100644 tests/bugfixes/github/test_issue_ghsa_hrw9_ggg3_3r4r.py diff --git a/test/data/issue_ghsa_hrw9_ggg3_3r4r_poc.jpg b/test/data/issue_ghsa_hrw9_ggg3_3r4r_poc.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2fd8e6758b05306c3ec75d9aecf74bae53abcf5b GIT binary patch literal 65577 zcmeIuJx&5q7(mgF&W4(X!cY^iv6E1c7$=d0*jO{>0TX`SWSjyv;f5?&f^j7-K}pz! zId=iKI1$lbwWqpz&%@ci9QS*V&&5kb+{ABmqFXk(EUJg;v0lDyQ+r#cb#<5wem>8G z;?SmMmUp>XG3%FGCR^K!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 N2oNAZfWW^H_yc1`AN&9S literal 0 HcmV?d00001 diff --git a/tests/bugfixes/github/test_issue_ghsa_hrw9_ggg3_3r4r.py b/tests/bugfixes/github/test_issue_ghsa_hrw9_ggg3_3r4r.py new file mode 100644 index 00000000..a054ba28 --- /dev/null +++ b/tests/bugfixes/github/test_issue_ghsa_hrw9_ggg3_3r4r.py 
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path
+
+class BrotliUncompressOutOfBoundsWrite(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r
+ """
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r"
+
+ filename = path("$data_path/issue_ghsa_hrw9_ggg3_3r4r_poc.jpg")
+ commands = ["$exiv2 $filename"]
+ stdout = [""]
+ stderr = [
+"""Exiv2 exception in print action for file $filename:
+$kerFailedToReadImageData
+"""]
+ retval = [1]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index 8ffce39c..426a0c36 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -116,6 +116,7 @@ def get_valid_files(data_dir):
 "issue_ghsa_583f_w9pm_99r2_poc.jp2",
 "issue_ghsa_7569_phvm_vwc2_poc.jp2",
 "issue_ghsa_mxw9_qx4c_6m8v_poc.jp2",
+ "issue_ghsa_hrw9_ggg3_3r4r_poc.jpg",
 "pocIssue283.jpg",
 "poc_1522.jp2",
 "xmpsdk.xmp",
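Review bot: The class docstring in the new tests/bugfixes/github/test_issue_ghsa_hrw9_ggg3_3r4r.py only links to the advisory and never says what the test pins, so a reader has to open GHSA-hrw9-ggg3-3r4r to learn why exit status 1 and `$kerFailedToReadImageData` are the expected result. I would add a sentence such as `The PoC file must be rejected with kerFailedToReadImageData and exit status 1 rather than being decoded.` Going by the class name the original defect was an out-of-bounds write, which may not crash or change the output of an uninstrumented build. The stdout/stderr/retval comparison therefore presumably catches a regression reliably only when the suite runs under a sanitizer or memory checker, and a short comment next to `retval = [1]` saying so would help whoever triages a future failure.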