Merge pull request #1826 from Exiv2/mergify/bp/main/pr-1820

Check that the string isn't empty (backport #1820)
Exiv2 · Aug 2, 2021 · 0e7d80f · 0e7d80f
2 parents db25089 + 644aaaa
commit 0e7d80f
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 16 deletions.
diff --git a/src/value.cpp b/src/value.cpp
@@ -422,13 +422,11 @@ namespace Exiv2 {
         std::string c = comment;
         CharsetId charsetId = undefined;
         if (comment.length() > 8 && comment.substr(0, 8) == "charset=") {
-            std::string::size_type pos = comment.find_first_of(' ');
+            const std::string::size_type pos = comment.find_first_of(' ');
             std::string name = comment.substr(8, pos-8);
             // Strip quotes (so you can also specify the charset without quotes)
-            if (!name.empty()) {
-                if (name[0] == '"') name = name.substr(1);
-                if (name[name.length()-1] == '"') name = name.substr(0, name.length()-1);
-            }
+            if (!name.empty() && name[0] == '"') name = name.substr(1);
+            if (!name.empty() && name[name.length()-1] == '"') name = name.substr(0, name.length()-1);
             charsetId = CharsetInfo::charsetIdByName(name);
             if (charsetId == invalidCharsetId) {
 #ifndef SUPPRESS_WARNINGS
@@ -624,12 +622,9 @@ namespace Exiv2 {
         if (buf.length() > 5 && buf.substr(0, 5) == "type=") {
             std::string::size_type pos = buf.find_first_of(' ');
             type = buf.substr(5, pos-5);
-            if (type.empty()) {
-                throw Error(kerInvalidXmpText, type);
-            }
             // Strip quotes (so you can also specify the type without quotes)
-            if (type[0] == '"') type = type.substr(1);
-            if (type[type.length()-1] == '"') type = type.substr(0, type.length()-1);
+            if (!type.empty() && type[0] == '"') type = type.substr(1);
+            if (!type.empty() && type[type.length()-1] == '"') type = type.substr(0, type.length()-1);
             b.clear();
             if (pos != std::string::npos) b = buf.substr(pos+1);
         }
@@ -788,8 +783,12 @@ namespace Exiv2 {
             static const char* ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
             static const char* ALPHA_NUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 
-            std::string::size_type pos = buf.find_first_of(' ');
-            lang = buf.substr(5, pos-5);
+            const std::string::size_type pos = buf.find_first_of(' ');
+            if (pos == std::string::npos) {
+                lang = buf.substr(5);
+            } else {
+                lang = buf.substr(5, pos-5);
+            }
             if (lang.empty()) throw Error(kerInvalidLangAltValue, buf);
             // Strip quotes (so you can also specify the language without quotes)
             if (lang[0] == '"') {

diff --git a/test/data/issue_1819_poc.exv b/test/data/issue_1819_poc.exv
diff --git a/tests/bugfixes/github/test_issue_1819.py b/tests/bugfixes/github/test_issue_1819.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
+
+class EmptyStringXmpTextValueRead(metaclass=CaseMeta):
+    """
+    Regression test for the bug described in:
+    https://github.com/Exiv2/exiv2/issues/1819
+    """
+    url = "https://github.com/Exiv2/exiv2/issues/1819"
+
+    filename = path("$data_path/issue_1819_poc.exv")
+    commands = ["$exiv2 -q $filename"]
+    stdout = ["""File name       : $filename
+File size       : 1088 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
+Thumbnail       : None
+Camera make     : 
+Camera model    : 
+Image timestamp : 
+File number     : 
+Exposure time   : 
+Aperture        : 
+Exposure bias   : 
+Flash           : 
+Flash bias      : 
+Focal length    : 
+Subject distance: 
+ISO speed       : 
+Exposure mode   : 
+Metering mode   : 
+Macro mode      : 
+Image quality   : 
+White balance   : 
+Copyright       : 
+Exif comment    : 
+
+"""]
+    stderr = [""]
+    retval = [0]
diff --git a/tests/bugfixes/github/test_issue_ghsa_v5g7_46xf_h728.py b/tests/bugfixes/github/test_issue_ghsa_v5g7_46xf_h728.py
@@ -11,8 +11,11 @@ class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
 
     filename = path("$data_path/issue_ghsa_v5g7_46xf_h728_poc.exv")
     commands = ["$exiv2 $filename"]
-    stdout = [""]
-    stderr = ["""Exiv2 exception in print action for file $filename:
-Invalid XmpText type `'
+    stdout = ["""File name       : $filename
+File size       : 276 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
 """]
-    retval = [1]
+    stderr = ["""$filename: No Exif data found in the file
+"""]
+    retval = [253]