Skip to content

Commit

Permalink
Replace assert with enforce. (Fix for #2268)
Browse files Browse the repository at this point in the history 
(cherry picked from commit aca8845)

# Conflicts:
#	src/jp2image.cpp
  • Loading branch information
@kevinbackhouse @mergify
kevinbackhouse authored and mergify[bot] committed Jul 7, 2022
1 parent 1cdb181 commit 424ac7d
Showing 1 changed file with 143 additions and 0 deletions.
143 changes: 143 additions & 0 deletions src/jp2image.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -504,9 +504,152 @@ void Jp2Image::printStructure(std::ostream& out, PrintStructureOption option, in
if (bPrint) {
out << " | iccLength:" << iccLength;
}
<<<<<<< HEAD
enforce(iccLength <= data.size() - pad, ErrorCode::kerCorruptedMetadata);
if (bICC) {
out.write(data.c_str(pad), iccLength);
=======
if (box.type == kJp2BoxTypeClose)
break;

switch (box.type) {
case kJp2BoxTypeSignature: {
if (boxSignatureFound) // Only one is allowed
throw Error(kerCorruptedMetadata);
boxSignatureFound = true;
break;
}
case kJp2BoxTypeFileTypeBox: {
// This box shall immediately follow the JPEG 2000 Signature box
/// \todo All files shall contain one and only one File Type box.
std::vector<byte> boxData(box.length - boxSize);
io_->read(boxData.data(), static_cast<long>(boxData.size()));
if (!Internal::isValidBoxFileType(boxData))
throw Error(kerCorruptedMetadata);
break;
}
case kJp2BoxTypeHeader: {
lf(out, bLF);

while (io_->read((byte*)&subBox, sizeof(subBox)) == sizeof(subBox) &&
io_->tell() < position + (long)box.length) // don't read beyond the box!
{
const size_t address = io_->tell() - sizeof(subBox);
subBox.length = getLong((byte*)&subBox.length, bigEndian);
subBox.type = getLong((byte*)&subBox.type, bigEndian);

if (subBox.length < sizeof(box) || subBox.length > io_->size() - io_->tell()) {
throw Error(kerCorruptedMetadata);
}

DataBuf data(subBox.length - sizeof(box));
io_->read(data.pData_, data.size_);
if (bPrint) {
out << Internal::stringFormat("%8ld | %8ld | sub:", (size_t)address,
(size_t)subBox.length)
<< toAscii(subBox.type) << " | "
<< Internal::binaryToString(makeSlice(data, 0, std::min(30l, data.size_)));
bLF = true;
}

if (subBox.type == kJp2BoxTypeImageHeader) {
enforce(subBox.length == 22, kerCorruptedMetadata);
// height (4), width (4), componentsCount (2), bpc (1)
uint8_t compressionType = data.pData_[11];
uint8_t unkC = data.pData_[12];
uint8_t ipr = data.pData_[13];
if (compressionType != 7 || unkC > 1 || ipr > 1) {
throw Error(kerCorruptedMetadata);
}
}
if (subBox.type == kJp2BoxTypeColorSpec) {
long pad = 3; // don't know why there are 3 padding bytes

// Bounds-check for the `getULong()` below, which reads 4 bytes, starting at `pad`.
enforce(data.size_ >= pad + 4, kerCorruptedMetadata);

/// \todo A conforming JP2 reader shall ignore all Colour Specification boxes after the
/// first.
uint8_t METH = data.pData_[0];
// auto PREC = data.read_uint8(1);
// auto APPROX = data.read_uint8(2);
if (METH == 1) { // Enumerated Colourspace
const uint32_t enumCS = getULong(data.pData_ + 3, bigEndian);
if (enumCS != 16 && enumCS != 17) {
throw Error(kerCorruptedMetadata);
}
} else { // Restricted ICC Profile
// see the ICC Profile Format Specification, version ICC.1:1998-09
const long iccLength = (long)getULong(data.pData_ + pad, bigEndian);
if (bPrint) {
out << " | iccLength:" << iccLength;
}
enforce(iccLength <= data.size_ - pad, kerCorruptedMetadata);
if (bICC) {
out.write((const char*)data.pData_ + pad, iccLength);
}
}
}
lf(out, bLF);
}
} break;

case kJp2BoxTypeUuid: {
if (io_->read((byte*)&uuid, sizeof(uuid)) == sizeof(uuid)) {
bool bIsExif = memcmp(uuid.uuid, kJp2UuidExif, sizeof(uuid)) == 0;
bool bIsIPTC = memcmp(uuid.uuid, kJp2UuidIptc, sizeof(uuid)) == 0;
bool bIsXMP = memcmp(uuid.uuid, kJp2UuidXmp, sizeof(uuid)) == 0;

bool bUnknown = !(bIsExif || bIsIPTC || bIsXMP);

if (bPrint) {
if (bIsExif)
out << "Exif: ";
if (bIsIPTC)
out << "IPTC: ";
if (bIsXMP)
out << "XMP : ";
if (bUnknown)
out << "????: ";
}

DataBuf rawData;
enforce(box.length >= sizeof(uuid) + sizeof(box), kerCorruptedMetadata);
rawData.alloc(box.length - sizeof(uuid) - sizeof(box));
long bufRead = io_->read(rawData.pData_, rawData.size_);
if (io_->error())
throw Error(kerFailedToReadImageData);
if (bufRead != rawData.size_)
throw Error(kerInputDataReadFailed);

if (bPrint) {
out << Internal::binaryToString(
makeSlice(rawData, 0, rawData.size_ > 40 ? 40 : rawData.size_));
out.flush();
}
lf(out, bLF);

if (bIsExif && bRecursive && rawData.size_ > 8) { // "II*\0long"
if ((rawData.pData_[0] == rawData.pData_[1]) &&
(rawData.pData_[0] == 'I' || rawData.pData_[0] == 'M')) {
BasicIo::AutoPtr p = BasicIo::AutoPtr(new MemIo(rawData.pData_, rawData.size_));
printTiffStructure(*p, out, option, depth);
}
}

if (bIsIPTC && bRecursive) {
IptcData::printStructure(out, makeSlice(rawData.pData_, 0, rawData.size_), depth);
}

if (bIsXMP && bXMP) {
out.write((const char*)rawData.pData_, rawData.size_);
}
}
} break;

default:
break;
>>>>>>> aca88457 (Replace assert with enforce. (Fix for https://github.com/Exiv2/exiv2/issues/2268))
}
}
}
Expand Down

0 comments on commit 424ac7d

Please sign in to comment.