Merge pull request #758 from Exiv2/fix_756

Fix #756
Exiv2 · Mar 29, 2019 · 476be79 · 476be79
2 parents 5118c64 + a7357e7
commit 476be79
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 7 deletions.
diff --git a/src/nikonmn_int.cpp b/src/nikonmn_int.cpp
@@ -370,8 +370,12 @@ namespace Exiv2 {
                                                const ExifData*)
     {
         if (value.count() >= 1) {
-            unsigned long focusArea = value.toLong(0);
-            os << nikonFocusarea[focusArea] ;
+            const unsigned long focusArea = value.toLong(0);
+            if (focusArea >= EXV_COUNTOF(nikonFocusarea)) {
+                os << "Invalid value";
+            } else {
+                os << nikonFocusarea[focusArea];
+            }
         }
         if (value.count() >= 2) {
             os << "; ";

diff --git a/test/data/NikonMakerNotePrint0x088_overread b/test/data/NikonMakerNotePrint0x088_overread
diff --git a/tests/bugfixes/github/test_issue_756.py b/tests/bugfixes/github/test_issue_756.py
@@ -0,0 +1,20 @@
+import system_tests
+
+
+class BufferOverReadInNikon1MakerNotePrint0x0088(
+        metaclass=system_tests.CaseMeta):
+
+    url = "https://github.com/Exiv2/exiv2/issues/756"
+
+    filename = system_tests.path(
+        "$data_path/NikonMakerNotePrint0x088_overread"
+    )
+    commands = ["$exiv2 -pt --grep AFFocusPos $filename"]
+    stdout = [
+        """Exif.Nikon1.AFFocusPos                       Undefined   4  Invalid value; Center
+"""
+    ]
+    stderr = [""]
+    retval = [0]
+
+    compare_stderr = system_tests.check_no_ASAN_UBSAN_errors
diff --git a/tests/system_tests.py b/tests/system_tests.py
@@ -887,7 +887,7 @@ def add_default_values(clsname, dct):
 
 
 def check_no_ASAN_UBSAN_errors(self, i, command, got_stderr, expected_stderr):
-    """
+    r"""
     Drop-in replacement for the default Case.compare_stderr() function that
     **only** checks for any signs of ASAN (address sanitizer) and UBSAN
     (undefined behavior sanitizer).
@@ -914,12 +914,15 @@ def check_no_ASAN_UBSAN_errors(self, i, command, got_stderr, expected_stderr):
 
     The new compare_stderr will only complain if there are strings inside the
     obtained stderr which could be an error reported by ASAN/UBSAN:
-    >>> T.compare_stderr(0, "", "runtime error: load of value 190", "some output")
+    >>> T.compare_stderr(0, "",
+    ...     "Some debuging output\nruntime error: load of value 190",
+    ...     "some output")
     Traceback (most recent call last):
      ..
     AssertionError: 'runtime error' unexpectedly found in 'runtime error: load of value 190'
 
-    >>> T.compare_stderr(0, "", "SUMMARY: AddressSanitizer: heap-buffer-overflow", "")
+    >>> T.compare_stderr(
+    ...     0, "", "SUMMARY: AddressSanitizer: heap-buffer-overflow", "")
     Traceback (most recent call last):
      ..
     AssertionError: 'AddressSanitizer' unexpectedly found in 'SUMMARY: AddressSanitizer: heap-buffer-overflow'
@@ -943,5 +946,6 @@ def check_no_ASAN_UBSAN_errors(self, i, command, got_stderr, expected_stderr):
         self.assertNotIn(ASAN_MSG.encode('ascii'), got_stderr)
         return
 
-    self.assertNotIn(UBSAN_MSG, got_stderr)
-    self.assertNotIn(ASAN_MSG, got_stderr)
+    for stderr_line in got_stderr.splitlines():
+        self.assertNotIn(UBSAN_MSG, stderr_line)
+        self.assertNotIn(ASAN_MSG, stderr_line)