diff --git a/include/exiv2/types.hpp b/include/exiv2/types.hpp index f68303f6..56533a36 100644 --- a/include/exiv2/types.hpp +++ b/include/exiv2/types.hpp @@ -211,7 +211,7 @@ namespace Exiv2 { //! Default constructor DataBuf() : pData_(0), size_(0) {} //! Constructor with an initial buffer size - explicit DataBuf(long size) : pData_(new byte[size]), size_(size) {} + explicit DataBuf(long size) : pData_(new byte[size]()), size_(size) {} //! Constructor, copies an existing buffer DataBuf(const byte* pData, long size); /*! diff --git a/src/bigtiffimage.cpp b/src/bigtiffimage.cpp index d80e2c51..e3468bdc 100644 --- a/src/bigtiffimage.cpp +++ b/src/bigtiffimage.cpp @@ -7,6 +7,7 @@ #include "exif.hpp" #include "error.hpp" #include "image_int.hpp" +#include "enforce.hpp" namespace Exiv2 @@ -251,8 +252,12 @@ namespace Exiv2 // size * count > std::numeric_limits::max() // => // size > std::numeric_limits::max() / count - if (size > std::numeric_limits::max() / count) - throw Error(kerInvalidMalloc); // we got number bigger than 2^64 + // (don't perform that check when count == 0 => will cause a division by zero exception) + if (count != 0) { + if (size > std::numeric_limits::max() / count) { + throw Error(kerInvalidMalloc); // we got number bigger than 2^64 + } + } // more than we can handle if (size * count > std::numeric_limits::max() - pad) @@ -407,20 +412,20 @@ namespace Exiv2 uint64_t readData(int size) const { const DataBuf data = Image::io().read(size); - assert(data.size_ != 0); + enforce(data.size_ != 0, kerCorruptedMetadata); uint64_t result = 0; - if (size == 1) - {} - else if (size == 2) + if (data.size_ == 1) + {} + else if (data.size_ == 2) result = byteSwap2(data, 0, doSwap_); - else if (size == 4) + else if (data.size_ == 4) result = byteSwap4(data, 0, doSwap_); - else if (size == 8) + else if (data.size_ == 8) result = byteSwap8(data, 0, doSwap_); else - assert(!"unexpected size"); + throw Exiv2::Error(kerCorruptedMetadata); return result; } diff --git a/src/cr2image.cpp b/src/cr2image.cpp index d9f6b149..fcfff75b 100644 --- a/src/cr2image.cpp +++ b/src/cr2image.cpp @@ -102,8 +102,6 @@ namespace Exiv2 { throw Error(kerNotAnImage, "CR2"); } clearMetadata(); - std::ofstream devnull; - printStructure(devnull, kpsRecursive, 0); ByteOrder bo = Cr2Parser::decode(exifData_, iptcData_, xmpData_, diff --git a/src/crwimage.cpp b/src/crwimage.cpp index b7871468..d1124992 100644 --- a/src/crwimage.cpp +++ b/src/crwimage.cpp @@ -101,15 +101,8 @@ namespace Exiv2 { throw Error(kerNotACrwImage); } clearMetadata(); - // read all metadata into memory - // we should put this into clearMetadata(), however it breaks the test suite! - try { - std::ofstream devnull; - printStructure(devnull,kpsRecursive,0); - } catch (Exiv2::Error& /* e */) { - DataBuf file( (long) io().size()); - io_->read(file.pData_,file.size_); - } + DataBuf file( (long) io().size()); + io_->read(file.pData_,file.size_); CrwParser::decode(this, io_->mmap(), (uint32_t) io_->size()); diff --git a/src/orfimage.cpp b/src/orfimage.cpp index 3177e360..8a36a6bb 100644 --- a/src/orfimage.cpp +++ b/src/orfimage.cpp @@ -114,8 +114,6 @@ namespace Exiv2 { throw Error(kerNotAnImage, "ORF"); } clearMetadata(); - std::ofstream devnull; - printStructure(devnull, kpsRecursive, 0); ByteOrder bo = OrfParser::decode(exifData_, iptcData_, xmpData_, diff --git a/src/rw2image.cpp b/src/rw2image.cpp index ae489682..faf51261 100644 --- a/src/rw2image.cpp +++ b/src/rw2image.cpp @@ -125,8 +125,6 @@ namespace Exiv2 { throw Error(kerNotAnImage, "RW2"); } clearMetadata(); - std::ofstream devnull; - printStructure(devnull, kpsRecursive, 0); ByteOrder bo = Rw2Parser::decode(exifData_, iptcData_, xmpData_, diff --git a/src/tiffimage.cpp b/src/tiffimage.cpp index 529ba4a3..a69c7afd 100644 --- a/src/tiffimage.cpp +++ b/src/tiffimage.cpp @@ -180,10 +180,6 @@ namespace Exiv2 { } clearMetadata(); - // recursively print the structure to /dev/null to ensure all metadata is in memory - // must be recursive to handle NEFs which stores the raw image in a subIFDs - std::ofstream devnull; - printStructure(devnull,kpsRecursive); ByteOrder bo = TiffParser::decode(exifData_, iptcData_, xmpData_, @@ -195,7 +191,7 @@ namespace Exiv2 { Exiv2::ExifKey key("Exif.Image.InterColorProfile"); Exiv2::ExifData::iterator pos = exifData_.findKey(key); if ( pos != exifData_.end() ) { - iccProfile_.alloc(pos->count()); + iccProfile_.alloc(pos->count()*pos->typeSize()); pos->copy(iccProfile_.pData_,bo); } diff --git a/test/Makefile b/test/Makefile index 7216bdcd..c0811fe6 100644 --- a/test/Makefile +++ b/test/Makefile @@ -62,7 +62,6 @@ SVN = svn://dev.exiv2.org/svn/testdata/trunk ## # Add test drivers to this list TESTS = addmoddel.sh \ - bugfixes-test.sh \ conversions.sh \ exifdata-test.sh \ exiv2-test.sh \ @@ -171,4 +170,4 @@ maintainer-clean: distclean rm -rf $(top_srcdir)/data/video $(top_srcdir)/test/data/eps # That's all Folks! -## \ No newline at end of file +## diff --git a/test/data/7-printIFD-divbyzero-1 b/test/data/7-printIFD-divbyzero-1 new file mode 100644 index 00000000..3a095024 Binary files /dev/null and b/test/data/7-printIFD-divbyzero-1 differ diff --git a/tests/bugfixes/github/test_CVE_2017_1000127.py b/tests/bugfixes/github/test_CVE_2017_1000127.py index bdb5642b..a8d9f5ea 100644 --- a/tests/bugfixes/github/test_CVE_2017_1000127.py +++ b/tests/bugfixes/github/test_CVE_2017_1000127.py @@ -8,9 +8,37 @@ class TestPoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/176" filename = "$data_path/heap-oob-write.tiff" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 310 Bytes +MIME type : image/tiff +Image size : 200 x 130 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : 200 x 130 +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = ["ignored"] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors diff --git a/tests/bugfixes/github/test_CVE_2017_11336.py b/tests/bugfixes/github/test_CVE_2017_11336.py index 91466757..943cb8ff 100644 --- a/tests/bugfixes/github/test_CVE_2017_11336.py +++ b/tests/bugfixes/github/test_CVE_2017_11336.py @@ -8,10 +8,38 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/49" filename = "$data_path/POC2" - commands = ["$exiv2 " + filename] - retval = [1] - stdout = [""] + commands = ["$exiv2 $filename"] + retval = [0] + stdout = ["""File name : $filename +File size : 60 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] stderr = [ - """$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc + """Error: Directory Image, entry 0x0000 has invalid size 4294967295*8; skipping entry. +Error: Directory Image, entry 0x0000 has invalid size 1229524224*4; skipping entry. +Error: Directory Image, entry 0x0000 has invalid size 1229520896*8; skipping entry. """] diff --git a/tests/bugfixes/github/test_CVE_2017_11337.py b/tests/bugfixes/github/test_CVE_2017_11337.py index dc3cfca5..0e646ccf 100644 --- a/tests/bugfixes/github/test_CVE_2017_11337.py +++ b/tests/bugfixes/github/test_CVE_2017_11337.py @@ -8,9 +8,17 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/50" filename = "$data_path/POC3" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 28 Bytes +MIME type : image/tiff +Image size : 0 x 0 +""" + ] + stderr = [ + """Error: Directory Image, entry 0x0144 has invalid size 4294967295*8; skipping entry. +$filename: No Exif data found in the file +""" + ] + retval = ["$no_exif_data_found_retval"] diff --git a/tests/bugfixes/github/test_CVE_2017_11338.py b/tests/bugfixes/github/test_CVE_2017_11338.py index 9b6d1153..96b5b86c 100644 --- a/tests/bugfixes/github/test_CVE_2017_11338.py +++ b/tests/bugfixes/github/test_CVE_2017_11338.py @@ -8,9 +8,18 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/51" filename = "$data_path/POC4" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 35 Bytes +MIME type : image/x-panasonic-rw2 +Image size : 0 x 0 +""" + ] + stderr = [ + """Warning: Directory PanasonicRaw has an unexpected next pointer; ignored. +Error: Directory PanasonicRaw, entry 0x002e has invalid size 4294967295*1; skipping entry. +$filename: No Exif data found in the file +""" + ] + retval = ["$no_exif_data_found_retval"] diff --git a/tests/bugfixes/github/test_CVE_2017_11339.py b/tests/bugfixes/github/test_CVE_2017_11339.py index 20fdd682..de2fa373 100644 --- a/tests/bugfixes/github/test_CVE_2017_11339.py +++ b/tests/bugfixes/github/test_CVE_2017_11339.py @@ -8,9 +8,37 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/52" filename = "$data_path/POC5" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc + commands = ["$exiv2 $filename"] + stdout = ["""File name : $filename +File size : 60 Bytes +MIME type : image/x-olympus-orf +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + """] - retval = [1] + stderr = [ + """Error: Directory Image, entry 0xcf45 has invalid size 4294967292*4; skipping entry. +Error: Offset of directory Image, entry 0x8000 is out of bounds: Offset = 0x0012ff00; truncating the entry +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_11340.py b/tests/bugfixes/github/test_CVE_2017_11340.py index 497b7871..d550d55e 100644 --- a/tests/bugfixes/github/test_CVE_2017_11340.py +++ b/tests/bugfixes/github/test_CVE_2017_11340.py @@ -8,9 +8,38 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/53" filename = "$data_path/POC6" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc + commands = ["$exiv2 $filename"] + stdout = ["""File name : $filename +File size : 60 Bytes +MIME type : image/x-olympus-orf +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + """] - retval = [1] + stderr = [ + """Error: Directory Image, entry 0x0000 has invalid size 4294967295*1; skipping entry. +Error: Offset of directory Image, entry 0x0000 is out of bounds: Offset = 0x7e000000; truncating the entry +Error: Offset of directory Image, entry 0x0111 is out of bounds: Offset = 0x7e000000; truncating the entry +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_11553.py b/tests/bugfixes/github/test_CVE_2017_11553.py index 17d56e87..6d1a5711 100644 --- a/tests/bugfixes/github/test_CVE_2017_11553.py +++ b/tests/bugfixes/github/test_CVE_2017_11553.py @@ -8,9 +8,41 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/54" filename = "$data_path/POC7" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 632 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Error: Directory Image, entry 0x0000 has invalid size 1229520896*8; skipping entry. +Error: Directory Image, entry 0x0000 has invalid size 1447624704*8; skipping entry. +Error: Directory Image, entry 0x0111 has invalid size 4294967295*2; skipping entry. +Warning: Directory Image, entry 0x0111: Size or data offset value not set, ignoring them. +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_11591.py b/tests/bugfixes/github/test_CVE_2017_11591.py index 83ca8d9f..b701a666 100644 --- a/tests/bugfixes/github/test_CVE_2017_11591.py +++ b/tests/bugfixes/github/test_CVE_2017_11591.py @@ -8,9 +8,37 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/55" filename = "$data_path/POC8" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 2044 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = ["ignored"] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors diff --git a/tests/bugfixes/github/test_CVE_2017_11592.py b/tests/bugfixes/github/test_CVE_2017_11592.py index 49273031..bd9d9c1a 100644 --- a/tests/bugfixes/github/test_CVE_2017_11592.py +++ b/tests/bugfixes/github/test_CVE_2017_11592.py @@ -8,9 +8,40 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/56" filename = "$data_path/POC9" - commands = ["$exiv2 " + filename] - stdout = [""""""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 523 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Error: Upper boundary of data for directory Image, entry 0x02bc is out of bounds: Offset = 0x00000001, size = 5852, exceeds buffer size by 5330 Bytes; truncating the entry +Error: Directory Thumbnail: Next pointer is out of bounds; ignored. +Error: Directory Thumbnail, entry 0x02bc has invalid size 4294967295*2; skipping entry. +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_11683.py b/tests/bugfixes/github/test_CVE_2017_11683.py index e00a8be3..0b6bf71a 100644 --- a/tests/bugfixes/github/test_CVE_2017_11683.py +++ b/tests/bugfixes/github/test_CVE_2017_11683.py @@ -8,10 +8,37 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/57" filename = "$data_path/POC" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$kerInvalidTypeValue: 0 -$exiv2_exception_message """ + filename + """: -$kerInvalidTypeValue -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 712 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = ["ignored"] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors diff --git a/tests/bugfixes/github/test_CVE_2017_12955.py b/tests/bugfixes/github/test_CVE_2017_12955.py index 80e42013..2d945fa4 100644 --- a/tests/bugfixes/github/test_CVE_2017_12955.py +++ b/tests/bugfixes/github/test_CVE_2017_12955.py @@ -8,9 +8,22 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/58" filename = "$data_path/POC11" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 100 Bytes +MIME type : image/pgf +Image size : 131345 x 65536 +""" + ] + stderr = ["""Error: Directory Image: Next pointer is out of bounds; ignored. +Error: Directory Image, entry 0x0000 has invalid size 3402235904*1; skipping entry. +Error: Directory Image, entry 0x014a has invalid size 4294967295*1; skipping entry. +Warning: Directory Image, entry 0x014a doesn't look like a sub-IFD. +Warning: Directory Image, entry 0x4720 has unknown Exif (TIFF) type 60362; setting type size 1. +Error: Directory Image, entry 0x4720 has invalid size 1330792777*1; skipping entry. +Warning: Directory Image, entry 0x0001 has unknown Exif (TIFF) type 0; setting type size 1. +Error: Directory Image, entry 0x0001 has invalid size 3401632458*1; skipping entry. +$filename: No Exif data found in the file """] - retval = [1] + retval = ["$no_exif_data_found_retval"] diff --git a/tests/bugfixes/github/test_CVE_2017_12956.py b/tests/bugfixes/github/test_CVE_2017_12956.py index 5a956ea6..779a89ba 100644 --- a/tests/bugfixes/github/test_CVE_2017_12956.py +++ b/tests/bugfixes/github/test_CVE_2017_12956.py @@ -8,9 +8,40 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/59" filename = "$data_path/POC12" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 68 Bytes +MIME type : image/x-olympus-orf +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Error: Offset of directory Image, entry 0x0111 is out of bounds: Offset = 0x00001b15; truncating the entry +Warning: Directory Image, entry 0x0111: Size and data offset entries have different number of components, ignoring them. +Error: Directory Image, entry 0x010f has invalid size 2147483647*2; skipping entry. +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_12957.py b/tests/bugfixes/github/test_CVE_2017_12957.py index 1b8e4a01..98e1b27a 100644 --- a/tests/bugfixes/github/test_CVE_2017_12957.py +++ b/tests/bugfixes/github/test_CVE_2017_12957.py @@ -8,9 +8,41 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/60" filename = "$data_path/POC13" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 60 Bytes +MIME type : image/x-olympus-orf +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Error: Offset of directory Image, entry 0x0000 is out of bounds: Offset = 0x7e000000; truncating the entry +Error: Offset of directory Image, entry 0x0117 is out of bounds: Offset = 0x4f524900; truncating the entry +Error: Directory Image, entry 0x0004 has invalid size 4294967289*2; skipping entry. +Error: Offset of directory Image, entry 0x0100 is out of bounds: Offset = 0x0012ff00; truncating the entry +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_14857.py b/tests/bugfixes/github/test_CVE_2017_14857.py index 84a07c42..b70d18dd 100644 --- a/tests/bugfixes/github/test_CVE_2017_14857.py +++ b/tests/bugfixes/github/test_CVE_2017_14857.py @@ -8,10 +8,52 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/76" filename = "$data_path/010_bad_free" - commands = ["$exiv2 " + filename] - retval = [1] - stdout = [""] + commands = ["$exiv2 $filename"] + retval = [0] + stdout = [ + """File name : $filename +File size : 20274 Bytes +MIME type : image/tiff +Image size : 12336 x 12336 +Camera make : 00000000 +Camera model : 000000000000 +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : 12336 x 12336 +White balance : +Thumbnail : None +Copyright : 00000 +Exif comment : + +""" + ] stderr = [ - """$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] + """Warning: Directory Image, entry 0x0111: Strip 0 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 1 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 2 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 3 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 4 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 5 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 6 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 7 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 8 is outside of the data area; ignored. +Warning: Directory Image, entry 0x0111: Strip 9 is outside of the data area; ignored. +Error: Offset of directory Image, entry 0x0132 is out of bounds: Offset = 0x30003030; truncating the entry +Error: Directory Image, entry 0x8649 has invalid size 4294967295*1; skipping entry. +Error: Directory Image, entry 0x8769 Sub-IFD pointer 0 is out of bounds; ignoring it. +Error: XMP Toolkit error 201: XML parsing failure +Warning: Failed to decode XMP metadata. +""" + ] diff --git a/tests/bugfixes/github/test_CVE_2017_14858.py b/tests/bugfixes/github/test_CVE_2017_14858.py index 09572ee6..d08bd805 100644 --- a/tests/bugfixes/github/test_CVE_2017_14858.py +++ b/tests/bugfixes/github/test_CVE_2017_14858.py @@ -8,9 +8,43 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/138" filename = "$data_path/007-heap-buffer-over" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 331696 Bytes +MIME type : image/tiff +Image size : 0 x 12336 +Camera make : 0000 +Camera model : 0000000000000 +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Error: Offset of directory Image, entry 0x0100 is out of bounds: Offset = 0x30303030; truncating the entry +Warning: Directory Image, entry 0x0111: Strip 17 is outside of the data area; ignored. +Error: Directory Photo with 8224 entries considered invalid; not read. +Warning: Removing 913 characters from the beginning of the XMP packet +Error: XMP Toolkit error 201: XML parsing failure +Warning: Failed to decode XMP metadata. +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_14861.py b/tests/bugfixes/github/test_CVE_2017_14861.py index 5e4cf362..ee98780e 100644 --- a/tests/bugfixes/github/test_CVE_2017_14861.py +++ b/tests/bugfixes/github/test_CVE_2017_14861.py @@ -11,9 +11,42 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): ] filename = "$data_path/009-stack-over" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = ["""File name : $filename +File size : 340 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Error: Directory Image: Next pointer is out of bounds; ignored. +Error: Offset of directory Image, entry 0x00fe is out of bounds: Offset = 0x00000000; truncating the entry +Error: Directory Image, entry 0x0100 has invalid size 1935897193*2; skipping entry. +Warning: Directory Image, entry 0x303e has unknown Exif (TIFF) type 12320; setting type size 1. +Error: Offset of directory Image, entry 0x0116 is out of bounds: Offset = 0x0011302a; truncating the entry +Warning: Directory Image, entry 0x0111: Strip 0 is outside of the data area; ignored. +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_14863.py b/tests/bugfixes/github/test_CVE_2017_14863.py index 78b4c101..ff95e2ef 100644 --- a/tests/bugfixes/github/test_CVE_2017_14863.py +++ b/tests/bugfixes/github/test_CVE_2017_14863.py @@ -8,9 +8,39 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/132" filename = "$data_path/01-Null-exiv2-poc" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 24550 Bytes +MIME type : image/tiff +Image size : 12336 x 12336 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : 12336 x 12336 +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [ + """Warning: Directory Image, entry 0x0144: Strip 0 is outside of the data area; ignored. +Error: Directory Image, entry 0x87b1 has invalid size 4294967295*1; skipping entry. +""" + ] + retval = [0] diff --git a/tests/bugfixes/github/test_CVE_2017_14865.py b/tests/bugfixes/github/test_CVE_2017_14865.py index 9392c051..6e070690 100644 --- a/tests/bugfixes/github/test_CVE_2017_14865.py +++ b/tests/bugfixes/github/test_CVE_2017_14865.py @@ -8,10 +8,37 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/134" filename = "$data_path/004-heap-buffer-over" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$kerInvalidTypeValue: 250 -$exiv2_exception_message """ + filename + """: -$kerInvalidTypeValue -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 352222 Bytes +MIME type : image/tiff +Image size : 17 x 12288 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : 17 x 12288 +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = ["ignored"] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors diff --git a/tests/bugfixes/github/test_CVE_2017_14866.py b/tests/bugfixes/github/test_CVE_2017_14866.py index da4fdb81..09ab89d5 100644 --- a/tests/bugfixes/github/test_CVE_2017_14866.py +++ b/tests/bugfixes/github/test_CVE_2017_14866.py @@ -8,9 +8,37 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/140" filename = "$data_path/006-heap-buffer-over" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 309965 Bytes +MIME type : image/tiff +Image size : 17 x 12305 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : 17 x 12305 +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = ["ignored"] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors diff --git a/tests/bugfixes/github/test_CVE_2017_9953.py b/tests/bugfixes/github/test_CVE_2017_9953.py index 22af56d3..607d87ad 100644 --- a/tests/bugfixes/github/test_CVE_2017_9953.py +++ b/tests/bugfixes/github/test_CVE_2017_9953.py @@ -8,9 +8,15 @@ class TestCvePoC(metaclass=system_tests.CaseMeta): url = "https://github.com/Exiv2/exiv2/issues/144" filename = "$data_path/POC1" - commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerInvalidMalloc -"""] - retval = [1] + commands = ["$exiv2 $filename"] + stdout = [ + """File name : $filename +File size : 26 Bytes +MIME type : image/tiff +Image size : 0 x 0 +""" + ] + stderr = [""] + retval = ["$no_exif_data_found_retval"] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors diff --git a/tests/bugfixes/github/test_issue_159.py b/tests/bugfixes/github/test_issue_159.py index 820d32ab..72532550 100644 --- a/tests/bugfixes/github/test_issue_159.py +++ b/tests/bugfixes/github/test_issue_159.py @@ -12,11 +12,39 @@ class TestFirstPoC(metaclass=system_tests.CaseMeta): filename = "$data_path/printStructure" commands = ["$exiv2 " + filename] - stdout = [""] - stderr = ["""$exiv2_exception_message """ + filename + """: -$kerCorruptedMetadata -"""] - retval = [1] + stdout = [ + """File name : $filename +File size : 12357 Bytes +MIME type : image/tiff +Image size : 0 x 0 +Camera make : +Camera model : +Image timestamp : +Image number : +Exposure time : +Aperture : +Exposure bias : +Flash : +Flash bias : +Focal length : +Subject distance: +ISO speed : +Exposure mode : +Metering mode : +Macro mode : +Image quality : +Exif Resolution : +White balance : +Thumbnail : None +Copyright : +Exif comment : + +""" + ] + stderr = [""] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors # todo: diff --git a/tests/bugfixes/github/test_issue_262.py b/tests/bugfixes/github/test_issue_262.py new file mode 100644 index 00000000..eadfd91c --- /dev/null +++ b/tests/bugfixes/github/test_issue_262.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class DivByZeroInPrintIFD(metaclass=system_tests.CaseMeta): + + url = "https://github.com/Exiv2/exiv2/issues/262" + + filename = system_tests.path( + "$data_path/7-printIFD-divbyzero-1" + ) + commands = ["$exiv2 -pX $filename"] + stdout = [ + """STRUCTURE OF BIGTIFF FILE $filename + address | tag | type | count | offset | value + 10 | 0x0008 FlashSetting | unknown | 0 | | +""" + ] + stderr = [ + """$exiv2_exception_message $filename: +$kerCorruptedMetadata +""" + ] + retval = [1] diff --git a/tests/suite.conf b/tests/suite.conf index afee3fe2..36849618 100644 --- a/tests/suite.conf +++ b/tests/suite.conf @@ -30,3 +30,4 @@ exiv2_exception_message: Exiv2 exception in print action for file exiv2_overflow_exception_message: std::overflow_error exception in print action for file exception_in_extract: Exiv2 exception in extract action for file uncaught_exception: Uncaught exception: +no_exif_data_found_retval: 253 diff --git a/tests/system_tests.py b/tests/system_tests.py index be149c43..701b2cbb 100644 --- a/tests/system_tests.py +++ b/tests/system_tests.py @@ -927,6 +927,21 @@ def check_no_ASAN_UBSAN_errors(self, i, command, got_stderr, expected_stderr): It will not complain in all other cases, especially when expected_stderr and got_stderr do not match: >>> T.compare_stderr(0, "", "some output", "other output") + + This function also supports binary output: + >>> ASAN_ERROR = bytes("SUMMARY: AddressSanitizer: heap-buffer-overflow", encoding='ascii') + >>> T.compare_stderr(0, "", ASAN_ERROR, "other output") + Traceback (most recent call last): + .. + AssertionError: b'AddressSanitizer' unexpectedly found in b'SUMMARY: AddressSanitizer: heap-buffer-overflow' """ - self.assertNotIn("runtime error", got_stderr) - self.assertNotIn("AddressSanitizer", got_stderr) + UBSAN_MSG = "runtime error" + ASAN_MSG = "AddressSanitizer" + + if isinstance(got_stderr, bytes): + self.assertNotIn(UBSAN_MSG.encode('ascii'), got_stderr) + self.assertNotIn(ASAN_MSG.encode('ascii'), got_stderr) + return + + self.assertNotIn(UBSAN_MSG, got_stderr) + self.assertNotIn(ASAN_MSG, got_stderr)