Skip to content

Commit

Permalink
Account for header bytes for Exif and XMP boxes (backport #2234)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kmilos
kmilos committed May 19, 2022
1 parent 237d26b commit 847a5e8
Showing 1 changed file with 20 additions and 22 deletions.
42 changes: 20 additions & 22 deletions src/bmffimage.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -482,10 +482,10 @@ namespace Exiv2
parseTiff(Internal::Tag::cmt4, box_length);
break;
case TAG_exif:
parseTiff(Internal::Tag::root, box_length,address+8);
parseTiff(Internal::Tag::root, buffer_size, io_->tell());
break;
case TAG_xml:
parseXmp(box_length,io_->tell());
parseXmp(buffer_size, io_->tell());
break;
case TAG_thmb:
switch (version) {
Expand Down Expand Up @@ -568,29 +568,27 @@ namespace Exiv2

void BmffImage::parseXmp(uint64_t length,uint64_t start)
{
if (length > 8) {
enforce(start <= io_->size(), kerCorruptedMetadata);
enforce(length <= io_->size() - start, kerCorruptedMetadata);

long restore = io_->tell() ;
enforce(start <= static_cast<unsigned long>(std::numeric_limits<long>::max()), kerCorruptedMetadata);
io_->seek(static_cast<long>(start),BasicIo::beg);
enforce(start <= io_->size(), kerCorruptedMetadata);
enforce(length <= io_->size() - start, kerCorruptedMetadata);

enforce(length < static_cast<unsigned long>(std::numeric_limits<long>::max()), kerCorruptedMetadata);
DataBuf xmp(static_cast<long>(length+1));
xmp.pData_[length]=0 ; // ensure xmp is null terminated!
if ( io_->read(xmp.pData_, static_cast<long>(length)) != static_cast<long>(length) )
throw Error(kerInputDataReadFailed);
if ( io_->error() )
throw Error(kerFailedToReadImageData);
try {
Exiv2::XmpParser::decode(xmpData(), std::string(reinterpret_cast<char*>(xmp.pData_)));
} catch (...) {
throw Error(kerFailedToReadImageData);
}
long restore = io_->tell() ;
enforce(start <= static_cast<unsigned long>(std::numeric_limits<long>::max()), kerCorruptedMetadata);
io_->seek(static_cast<long>(start),BasicIo::beg);

io_->seek(restore,BasicIo::beg);
enforce(length < static_cast<unsigned long>(std::numeric_limits<long>::max()), kerCorruptedMetadata);
DataBuf xmp(static_cast<long>(length+1));
xmp.pData_[length]=0 ; // ensure xmp is null terminated!
if ( io_->read(xmp.pData_, static_cast<long>(length)) != static_cast<long>(length) )
throw Error(kerInputDataReadFailed);
if ( io_->error() )
throw Error(kerFailedToReadImageData);
try {
Exiv2::XmpParser::decode(xmpData(), std::string(reinterpret_cast<char*>(xmp.pData_)));
} catch (...) {
throw Error(kerFailedToReadImageData);
}

io_->seek(restore,BasicIo::beg);
}

void BmffImage::parseCr3Preview(DataBuf &data,
Expand Down

0 comments on commit 847a5e8

Please sign in to comment.