From 5e6c2855ce98bd5fa89e84a51049cd3b90a5c140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Mon, 25 Mar 2019 23:52:47 +0100 Subject: [PATCH 1/2] [NikonMakerNote] Fix overread in Nikon1MakerNote::print0x0088 This function was printing the string from the array of strings nikonFocusArea, but it wasn't verifying that the array index is actually valid. Now this function will output "Invalid value" instead of crashing. --- src/nikonmn_int.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/nikonmn_int.cpp b/src/nikonmn_int.cpp index f60fd984..e038825a 100644 --- a/src/nikonmn_int.cpp +++ b/src/nikonmn_int.cpp @@ -370,8 +370,12 @@ namespace Exiv2 { const ExifData*) { if (value.count() >= 1) { - unsigned long focusArea = value.toLong(0); - os << nikonFocusarea[focusArea] ; + const unsigned long focusArea = value.toLong(0); + if (focusArea >= EXV_COUNTOF(nikonFocusarea)) { + os << "Invalid value"; + } else { + os << nikonFocusarea[focusArea]; + } } if (value.count() >= 2) { os << "; "; From 7bd929de31622a07bfc16f1c61b6c45e79e69cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Mon, 25 Mar 2019 23:56:57 +0100 Subject: [PATCH 2/2] [tests] Add regression test for #756 --- test/data/NikonMakerNotePrint0x088_overread | Bin 0 -> 7784 bytes tests/bugfixes/github/test_issue_756.py | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 test/data/NikonMakerNotePrint0x088_overread create mode 100644 tests/bugfixes/github/test_issue_756.py diff --git a/test/data/NikonMakerNotePrint0x088_overread b/test/data/NikonMakerNotePrint0x088_overread new file mode 100644 index 0000000000000000000000000000000000000000..664bdc0c4d364031d919a0f6c144e05c7640877e GIT binary patch literal 7784 zcmbtZ2|U!>+dng7Uq-TLtVtU(W9Pb(Em=mk7O5;_XP6mFN=l1zl`WEzq7YH`Eor$C zDUp3iQVH2Yvd(*cgKph>-_QGh-}mwPo%224^PKZM=Q-zhKJ$Cf+v)GXnq7v*hM*fQ z0vJN?V>U7fa(4m1*mw(IgB&NoqR_AeAQnD65VOGgI(*hF<24Y1wI~cg!5Vqip_mzU z768+tD>xtWn^0n)dPVSXEEfPfzrZ0V^zvA!0+`Uu-;p^Cc>r(^XJX9L3ENm^03;cr z2ulFWjZKK=z(8GHQ4!!#KmwXaYJkFg21dqa7Lo)7RRz2vASmMTnu@BLcoj)JK~qUh zlb`|wK~mVVho9kyL^4ak~A_u-QPM0rA6fi@c8)^hWo&{o7h|fUGx`HDiMnf%FfjC(3FnIdJRfu`v zObCxe=mbFbBJ-p|A`I#v_&&sESH`}B_}q$b@a%yosDniO8RRcPZ(zlcc!o6qS|D)^ zVq~{FAx?%XSk<`>F^n4+g+%I#4++;W;4aih-Vfw-t-qJbE!`CtQ!Wd-68!=QmR*yVL4pwR=kq!HOXOrCSl3F=*chT^KmJil{e$`c6P!P$fZK^#xeAbtUA^26 zK;Kp`H)n`9t>_?rPokDL&kOQs^fKmKxnLQW6x3O*>3?0qC>V4U5(Ih|&;x8NEUYZd zY^=_$(exHAUG&HZsd?8AoHWx+1a@`xrDj7g$YtPDZ>9+ z=#Ky|8@Pn}6N8clXkHYC7e)UQxgSu>D2BjAG6Y_TOw25-Z0sDIP@!lIK%+1iG!urI znF-#hs1U}5$;-S}3a`t;w;R4ofWPyH{QU}--MDG<7G)JxHFXV5J$(a1qn*aPtgLNp z_w3!b-^rQe;_Bw^L8bWz1O^=mK6U!c+3<7cBVyw&#V1@&ypoifcI$R}M&_NY{DQ)w z;*!#`@+VLKd{$laytc0CO>;|YTYE=m-~0X#A3qIz9vqtZIyp7{ZRY#v9I`GHJO!)r zuj}H4>*8Qy!Z5KS>q4Oe;e+92VwS?QtkvDk>fpyGO*qLRD5KoBVM0h)WF2EA|F)3- zi`PG#Uh#Q$j@}8lFetb&7+#q(90$5?0I z#k1-;Z4otmGs)GWM{GEcl>!IT7qkq8ZtfSe>xAOMYWO{*UR*jnAGj?vxO7I<>P|2J zx%PK=-e(hWn=&nTgf8|)I;Ls?k_n~wH798AiD_@Fl8+^9zJW4HIC#x!!`dTdkHB%3 zq&#x;=EJvUoKBk7W#Zn=ziA=pzKeS#a*IHe4m!D>E4eP(L%X?OYjPywp|=lrsf{`7 zf!~L2+*qGnThTsYtaTxqdzMkNt3B^VCM^Xrf5GY0T!` zExOh2L-Onoy3`IR``n_ag3x3ecS7%`cQoynZV%?1B)h!odcKu>Z($cRe|y5Iw`<nZ}yh=j$hLe@&L* zXy0)(?wOF-+2RS=o*NR|gKl%x8B2z6n{0^NBtz-~Vd2u*xKppFV>_C~&)ljI-8Jh@ z2glxUC0-(2IUC+^Uc~PeSE|Or6VnmjcA7$ko2YYoxAL}edlbDir|1mwR_i7 zC(1qX_|3}t?s2=k8|Kc$1!h}2>Kl0Ke!WP&=9u!3fR%haQkxrcPkdT%?G7|`y({2& z<8XBqEcNhRp7-DxsWZsR zx+)}L_fsvW)cO-kgj4%B%jQx_jomEn&#!;^N1J~XPC(>SIkyh6DWc%OS=!c1_?X%Z zgYo`9FP3@kOrtmX^nYg7|4>fo6Ken9ALQk9O+LRqTu0H%Nr2C8|6S3vN}i1~yWZ_N zN(UUHogr^}JSXn6a(@dlIlM?++_HH|!d)@Cs`E0plsX$P^?PLV{Laock&e1~aZ1f~ zcZ=e&=&vEe4t}AocvT6IhJ?rMt@n# zhQh`?TfLat8lAe-THI*H)?I|Q-5<~>CB__j|Gop7Tshb&k8SW)#Ei?Gn{f;GCF|&3LQA)4M*fTI4Ioo`}k*{ zHTSDg-^{c-vT^Pnk7cLS9_aMlQF&KD_4df{G`aAsAvJ2aseC%+>F+p$qNVzhibPyq zjIAwePn5(7bm`~m+8Y;Wm007o9lDb;$B)(gCiqP}EWPl}2i{EyM1t;2B9}|q2GzF} zVliPR^*vXgDKzPHTu4v67_c!OU_VS@FkNkv_kME*H8BCzBdyynJW=pHUe#ysmE^XK z>$G!q*X7}+48bchF%4E0-Oi)0l5DaXBh$<}=l}S03`E3Hnyt^&pp7bTDo&8N0Y4u0;ulx96Hu3t==0gw8pN`Sm+NJ8NrnWIEIPb{& zG{KdoG^Kz6+LfuEcQk?5}`e1N@E+xOd zqU8vngCJT~wgl$4If-4ir-jr8o4$uE zwJy$%|EpgFf8@dt@x9@u!#3x9%5Iutl_IBe)|u8P*q^jW&7b>Nuz#IQtKzGXBaUsm zSPa=`wZ}D=R1$|!Pkx^mjioFj;DIfbw3J4qz7b|0xvXtVvO zbjH>4*5t)&jU!Io2kY!F+F@`d@3>inb9YOEzW0&Ql<=Ek>|(>&;w;T4);E;={vf8| zBk>UM$Q>>=vB)gh1>GI*d@&`7Rlov-| zKe4M!|#$acG$~LB9&10o|Ps3kl|M-$l>q4H*0sSIFghW67q$GVW}N${8DN zIbW-1Bd1z3>nm9_a<9Mt+G@;EnRW7Yy!t{`(Nb*Kvu*NS_2&yt4Sw+yZm_bw=qD*= zX6`5~JZM}R{zz<#*(0f!?)7Hp)=3TSP7KDiWco?T#6(aHS%Wpg>#Vo<`f3Qs2s34e z^qVOC<{O7|NPGu^cW>(2qPXC$svNerpfk%v*di!L@UVqbrRxD585?OY3;es-VB4em z6Q=fd7fW+C<2kP-y)2K5%r!V*pO_>T?0ER571q!sxJ5z9svE!98PjM$*c!t(+Icrb z*v~%ODeMrhfP%--KhBhG*=3k0JjB9p58tliF00|pPTxs)j#>aO*Z^*xz_+Vfc_ z-YX;mquL<52CI53StHja{#6Tg?c|>XQDM_yr^wf3&RmbiBt}pp`)y;37Vit~$~&tS z!6Ym)!1Qh8V!VglCPx}}`w>xq-r3;wDLtvQB$dw* zt>UCQQXGbx3a{2V$Gsqo#F#HUH)^XA*uQfW)#)tFTWx5pb7k22%<%8GyuBN*gukts z?T_2no<|4c=LV}>>7b!@3mp{BdC`G#?Um#rI#81!&Q*jyrUTX3q8V}5g^tdd@Wn}< zN}jh1z4Vr$tolbqucjy-MK2ZiRp!#7UIx6GuX|<|a<;hgapdtcRYu!GX+>S)4~p;N zy3Xa_HOWB(s)ygY&)Qu9BeuEs?)BeS9U^->uW8jx{igpV@P2V!=vNM<$m3sw7K9t8 zFAoc6bsEDpN&A0sd7xGxv=5VoOt0Zi!Qh$rpb?+s9V>2P(@8x~h(d zCYPloei+mjJ^}K|PhS`!p3=M1)fP-_HC^yBt+ui?d0AiFRzMXA91I9fAWoW76JK5k z9tk$nO;*Cjk+VKo)|Q%FnFTOhCBziVc#Ca1#;)g z-J31zSS%`R$lde4;>!T@#jJ=flfA>72gUYIEgEUZF9r18ESU;@c={wBpqyx@a&NWi z+Y`H5D8sT#-jtTP%EX!eX>4?LVet2F_V($tBW`Kl(Gqjps5*Gckr2y;yIoXVbzYlJ zvz&vB+IC5yMFk<6Obe^(*g(|b&TGrwoiK~x!*PmHL49+UQJlyA!Zdr*jkB)B)X z^U7Gsyj9VLs%jmH*&NMKdMh|Ftk$Y2q7lOVF|FNe-?g1`3bx$z#OGyst7yD* zr#`2CIof;hQ?O}Zb^*DPR%tX$+WTFeB$vOCp~&%e&L!t{?`_YjYg5IG>k{+3ra3ch z$IZ>6}=jE^}+4wHda3ZxG+veJj%70UQ9U#XEk zHd#g=OvtQ?&Iy=>LS{tLPDp|a0C7fp`NRK58#Br1M-oE}K`oD3&gQ_6e`L(YWq+2F zh=>*nVKLK;0XxAq7Z>P{7c7yC1d=pZW^P_d`oRzw{C-%j>ZmXn`M(&(oZn#^0AC~v z$q>htdZmKtR4Bi4tF8Y}A0skIdKsp=-~-o<-oE@WA^@ph1op2A%&7p(qt(`G{gc8f zwK_4<_VM@ff)$dSVR0n;`#4jHjvh|1wKC4qiH2k}kxc^Da{s-+ljBA9aYfV+F(tXs zes1rek-eAO%N|;~x~=phUIP}Ym%9^*YU^c6g)P)CE-*9tAiWkotc-@S{!eqWx>Edo ze_>e26n9s5ACiy1HypxcV1-OhWN@&}?ci@sHX`|uC=N7|GbDiZ5ns}ZGKT>(oz6@` z7^KJ8+f@=)|8r#i)8&)?b@>>7ikG$YUTbJ-CG5zySR4Gzm{DCxzc4HgUNmb5*IziS z6A6wZ1<{PDJFU%39m!-bFbwmmtMo6*>~3UAu&$T8>uRKUmLs)um4@!H!pxC_zZVTc z_5c!v_AlzTt2BIle^Tdkbk!q!ktsg~mv?#o9Y#Mo;IzP;?1RLboksR0`qQYSpU(}4 z7d%J*V7VO0GgDqbuL}520@$FR0Kx$EbAAzx0z2U!ppQVl z3!DaAY;0`oY+NuC$jiyW$t%Fa#l<5a%*Q9d$0y9o#gLV1x$*ZB#m&jdjpbg0#jfGU zVzK;4f#qKw!uy|0KxbTZcok6@C- z9@oI|%NZp#Z38nf_lJhA!Q>xvD7+n+RT#FU@N1c%DL-jGX2QuBe#F#c%f@jf8OJ_K zSgf9vfD=`DVgn0eiB(qR$p>gHO~~26ruoCv?V@KbAE#|y0?sC+Gt6!L%iiBIdm{0t z$L0L|v7)*axREf>qeKTW_G&GYQE_KO4m`fTSiQCO=)u3mQM4$nyk9UqIpcN zV6d5Il5T9Pl10eF7r5Q; zyospE;8?FXo9U zK7|d}=+yf1x^3QO;aF1QH(P`6-`WOQlCF=DE2yb2ct&p!8_9)RX#!0Yik$dG(MmOp z_r65+7QwK9rPyvwKkx3bx%XY4wfWK)3#+ze99F%$cPKfYc*hQRpsCHqU=OKxNN474 zx5rY_ErPr}&82f_2Hm@RBTB7fZgTD9YI*;oqoptdHNnzAP&Z+b3%toP7l*45ypgW9BqvedIGx!lz2txA5* zMuWKl4Ii9U4pq;+Xg<)YaWB2^Fl)2-Jx?Ros<*w9`}PN}`4Z)vq@%b_`qf-P6Qy(V z^6C2EEb?c+th-C+l5--G4|ODy$GV29X2(9YZJoZHx|-N;mdkkUxizQ4{l~v5egWMj z!?K=U0$q{)cH1RSRi2uW&EDHESJ;uVzuJ7m-RIQ_`=1_2D2%yD&TKt6_OhqqO?&*z z`Y%Ss!935tW^39B`*qgcRr{cF+HyEx-;nmJoV$0TGENOS+r&_3d@8S}+?mtTP8q*G oRk*umed|MapAA#{=M>zXhTVI|m?&EpMKee#rF39cH`CJnUx2+WegFUf literal 0 HcmV?d00001 diff --git a/tests/bugfixes/github/test_issue_756.py b/tests/bugfixes/github/test_issue_756.py new file mode 100644 index 00000000..464a69ce --- /dev/null +++ b/tests/bugfixes/github/test_issue_756.py @@ -0,0 +1,20 @@ +import system_tests + + +class BufferOverReadInNikon1MakerNotePrint0x0088( + metaclass=system_tests.CaseMeta): + + url = "https://github.com/Exiv2/exiv2/issues/756" + + filename = system_tests.path( + "$data_path/NikonMakerNotePrint0x088_overread" + ) + commands = ["$exiv2 -pt --grep AFFocusPos $filename"] + stdout = [ + """Exif.Nikon1.AFFocusPos Undefined 4 Invalid value; Center +""" + ] + stderr = [""] + retval = [0] + + compare_stderr = system_tests.check_no_ASAN_UBSAN_errors