From e1686ebc3893db3b5a3b9842e8b047473dde5b72 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Tue, 20 Apr 2021 12:03:04 +0100
Subject: [PATCH] Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
---
test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.exv | Bin 0 -> 165 bytes
test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.jp2 | Bin 0 -> 1419 bytes
.../github/test_issue_ghsa_jgm9_5fw5_pw9p.py | 43 ++++++++++++++++++
3 files changed, 43 insertions(+)
create mode 100644 test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.exv
create mode 100644 test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.jp2
create mode 100644 tests/bugfixes/github/test_issue_ghsa_jgm9_5fw5_pw9p.py
diff --git a/test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.exv b/test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.exv
new file mode 100644
index 0000000000000000000000000000000000000000..862c36553fea9dff8683cfac5d352ce0a8c7ba21
GIT binary patch
literal 165
xcmey*=vt9kX7v9d!z>^pje)__Q;UIvfq{V=i0KFT84-2~GchwDaT)&K1OT=238er4
literal 0
HcmV?d00001
diff --git a/test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.jp2 b/test/data/issue_ghsa_jgm9_5fw5_pw9p_poc.jp2
new file mode 100644
index 0000000000000000000000000000000000000000..45deb11217096bc71ecb287cfeb64055988fe1a9
GIT binary patch
literal 1419
zcmZQzVBpCLP*C9IYUg5LU=RUfbfBA6V3YwA6hoJQ@RRd%ir_M=cBQ46DP9HXA(?4u
zt`(VSx^`XxMxLHp3>-i;yl{0O20tSTm!=$HCT0ehb(!r5t5iE!5S&rgXb6mkz-R~z
HPzV43!krH+
literal 0
HcmV?d00001
diff --git a/tests/bugfixes/github/test_issue_ghsa_jgm9_5fw5_pw9p.py b/tests/bugfixes/github/test_issue_ghsa_jgm9_5fw5_pw9p.py
new file mode 100644
index 00000000..0c8005e2
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_jgm9_5fw5_pw9p.py
@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path
+
+
+class WebPImageDoWriteMetadataOutOfBoundsRead(metaclass=CaseMeta):
+ """
+ Regression test for the bug described in:
+ https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
+ """
+ url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p"
+
+ filename1 = path("$data_path/issue_ghsa_jgm9_5fw5_pw9p_poc.jp2")
+ filename2 = path("$data_path/issue_ghsa_jgm9_5fw5_pw9p_poc.exv")
+ commands = ["$exiv2 in $filename1"]
+ stdout = [""]
+ stderr = [
+"""Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x010f has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x010f has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x8769 has unknown Exif (TIFF) type 0; setting type size 1.
+Warning: Directory Image, entry 0x8769 doesn't look like a sub-IFD.
+Warning: Directory Image, entry 0x8825 doesn't look like a sub-IFD.
+$filename1: Could not write metadata to file: $kerCorruptedMetadata
+"""]
+ retval = [1]
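Review bot: The class name `WebPImageDoWriteMetadataOutOfBoundsRead` does not match what the test exercises: both fixtures are `issue_ghsa_jgm9_5fw5_pw9p_poc.jp2` / `.exv` and the only command is `$exiv2 in $filename1` on the JP2 file, so the name looks carried over from a WebP test and will mislead whoever triages a failure; it should be renamed after the JP2 code path the advisory covers. `filename2` is defined but never expanded in `commands`; presumably `exiv2 in` finds the `.exv` sidecar by basename, which deserves a comment such as `# filename2 is not referenced in commands; "exiv2 in" is expected to read the .exv next to $filename1`. The command also writes to the fixture under `$data_path` in place, so if a later change lets the write succeed the checked-in PoC would be modified; running it on a temporary copy would keep the test repeatable.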