From 1260060d7d622795bfda483cf7c20abba7775527 Mon Sep 17 00:00:00 2001
From: jiakai
Date: Thu, 5 Nov 2015 17:58:35 +0800
Subject: [PATCH 1/2] check boundary in ExifReader
---
 modules/imgcodecs/src/jpeg_exif.cpp | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/modules/imgcodecs/src/jpeg_exif.cpp b/modules/imgcodecs/src/jpeg_exif.cpp
index caade4803..142a079f0 100644
--- a/modules/imgcodecs/src/jpeg_exif.cpp
+++ b/modules/imgcodecs/src/jpeg_exif.cpp
@@ -42,6 +42,13 @@
 #include "jpeg_exif.hpp"
+namespace {
+
+ class ExifParsingError {
+ };
+}
+
+
 namespace cv {
@@ -66,12 +73,16 @@ ExifReader::~ExifReader()
 */
 bool ExifReader::parse() {
- m_exif = getExif();
- if( !m_exif.empty() )
- {
- return true;
+ try {
+ m_exif = getExif();
+ if( !m_exif.empty() )
+ {
+ return true;
+ }
+ return false;
+ } catch (ExifParsingError&) {
+ return false;
 }
- return false;
 }
@@ -401,6 +412,9 @@ std::string ExifReader::getString(const size_t offset) const
 */
 uint16_t ExifReader::getU16(const size_t offset) const {
+ if (offset + 1 >= m_data.size())
+ throw ExifParsingError();
+
 if( m_format == INTEL ) { return m_data[offset] + ( m_data[offset + 1] << 8 );
@@ -416,6 +430,9 @@ uint16_t ExifReader::getU16(const size_t offset) const
 */
 uint32_t ExifReader::getU32(const size_t offset) const {
+ if (offset + 3 >= m_data.size())
+ throw ExifParsingError();
+
 if( m_format == INTEL ) { return m_data[offset] +
From 80df9ddedb0d4f7c3d401ebbd8663300c4c35157 Mon Sep 17 00:00:00 2001
From: jiakai
Date: Thu, 5 Nov 2015 18:32:51 +0800
Subject: [PATCH 2/2] check for exifSize
---
 modules/imgcodecs/src/jpeg_exif.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/imgcodecs/src/jpeg_exif.cpp b/modules/imgcodecs/src/jpeg_exif.cpp
index 142a079f0..af4b7a990 100644
--- a/modules/imgcodecs/src/jpeg_exif.cpp
+++ b/modules/imgcodecs/src/jpeg_exif.cpp
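Review bot: ExifParsingError, added in the anonymous namespace by the first hunk of patch 1/2, is an empty class that does not derive from std::exception, so a generic `catch (const std::exception&)` further up will not see it if it ever escapes on a path that does not go through ExifReader::parse(). Consider `class ExifParsingError : public std::exception {};` (with `#include <exception>`) and a one-line comment above it such as `// Thrown when EXIF data refers to bytes outside m_data; caught in ExifReader::parse().`. The handler in parse() could then catch it by `const ExifParsingError&`.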
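Review bot: The new guards in getU16 and getU32 (`offset + 1 >= m_data.size()` and `offset + 3 >= m_data.size()`) add before they compare, so an offset close to the maximum size_t value wraps to a small number and passes the check. The offsets presumably come from fields of the image being parsed, so where size_t is 32 bits wide an out-of-range value could still reach the `m_data[offset]` reads below. Comparing against the remaining length avoids the wrap: `if (m_data.size() < 2 || offset > m_data.size() - 2) throw ExifParsingError();` in getU16, and the same with 4 in getU32. Both function bodies continue past the end of their hunks, and other accessors that index m_data directly, such as the getString named in the hunk header, are not visible here and may need the same guard.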
@@ -158,6 +158,9 @@ std::map ExifReader::getExif()
 case APP1: //actual Exif Marker
 exifSize = getFieldSize(f);
+ if (exifSize <= offsetToTiffHeader) {
+ throw ExifParsingError();
+ }
 m_data.resize( exifSize - offsetToTiffHeader );
 fseek(f, static_cast( offsetToTiffHeader ), SEEK_CUR);
 count = fread( &m_data[0], sizeof( unsigned char ), exifSize - offsetToTiffHeader, f );
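Review bot: The `throw ExifParsingError();` added under `case APP1:` leaves getExif() while `f` is still in use, so every rejected file would leak a FILE handle if `f` is opened earlier in getExif() and closed only near its end, which this hunk does not show. Closing it on the error path keeps the size check without the leak: `if (exifSize <= offsetToTiffHeader) { fclose(f); throw ExifParsingError(); }`. A small RAII holder for `f` would cover this and any later throw on the same path. getExif() starts and ends outside the hunk, so the open and close sites should be confirmed there.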