Parsing metadata in BmffImage stumbles over "hdlr" tag in .mp4 file

[JensZuzu]

Describe the bug

Reading the meta data of a .mp4 file created with a Sony mobile phone fails because of an unexpected hdlr tag that is interpreted as the size of a box.

To Reproduce

Steps to reproduce the behavior:

1. Call Exiv2::ImageFactory::open( filename )->readMetadata() for the .mp4 file
2. Exception is thrown

Expected behavior

Metadata should be parsed correctly.

Desktop (please complete the following information):

• OS and version: Linux (openSUSE Tumbleweed, Version_id=20221105)
• Exiv2 version and source: 0.27.5 from distribution
• Compiler and version: Gcc, version unknown
• Compilation mode and/or compiler flags: ?

Additional context

The stack trace to the point where the exception is thrown is:
#0 __cxa_throw() at /lib64/libstdc++.so.6
#1 enforce() at /usr/src/debug/exiv2-0.27.5/src/enforce.hpp:50
#2 Exiv2::BmffImage::boxHandler() at /usr/src/debug/exiv2-0.27.5/src/bmffimage.cpp:244
#3 Exiv2::BmffImage::boxHandler() at /usr/include/c++/12/backward/auto_ptr.h:198
#4 Exiv2::BmffImage::boxHandler() at /usr/include/c++/12/backward/auto_ptr.h:198
#5 Exiv2::BmffImage::readMetadata() at /usr/src/debug/exiv2-0.27.5/src/bmffimage.cpp:673
#6 ... application code

At frame #2 the contents of the hdrbuf, which is of type Exiv2::byte[8] is: "hdlr\000\000\000"
The first four bytes of it are reinterpret_cast-ed to the box_length == 1751411826

Dumping the file with ISOBMFF-Dump results in:

[ ISOBMFF::File ]
{
    [ ftyp ]
    {
        - Major brand:       mp42
        - Minor version:     0
        - Compatible brands: isom, mp42
    }
    [ moov ]
    {
        [ mvhd ]
        {
            - Version:           0
            - Flags:             0x00000000
            - Creation time:     3696489482
            - Modification time: 3696489482
            - Timescale:         1000
            - Duration:          2234
            - Rate:              65536
            - Volume:            256
            - Matrix:            { a = 1073741824, b = 0, u = 0, c = 0, d = 65536, v = 0, x = 0, y = 0, w = 65536 }
            - Next track ID:     3
        }
        [ meta ]
        {
            - Version: 0
            - Flags:   0x00000000
        }
        {
            [ hdlr ]
            {
                - Version:      0
                - Flags:        0x00000000
                - Handler type: mdta
                - Handler name: 
            }
            [ keys ]
            [ ilst ]
        }
        [ trak ]
        {
            [ tkhd ]
            {
                - Version:           0
                - Flags:             0x00000007
                - Creation time:     3696489482
                - Modification time: 3696489482
                - Track ID:          1
                - Duration:          2063
                - Layer:             0
                - Alternate group:   0
                - Volume:            256
                - Matrix:            { a = 1073741824, b = 0, u = 0, c = 0, d = 65536, v = 0, x = 0, y = 0, w = 65536 }
                - Width:             0.000000
                - Height:            0.000000
            }
            [ mdia ]
            {
                [ mdhd ]
                [ hdlr ]
                {
                    - Version:      0
                    - Flags:        0x00000000
                    - Handler type: soun
                    - Handler name: SoundHandle
                }
                [ minf ]
                {
                    [ smhd ]
                    [ dinf ]
                    {
                        [ dref ]
                        {
                            - Version: 0
                            - Flags:   0x00000000
                        }
                        {
                            [ url  ]
                            {
                                - Version: 0
                                - Flags:   0x00000001
                            }
                        }
                    }
                    [ stbl ]
                    {
                        [ stsd ]
                        {
                            - Version: 0
                            - Flags:   0x00000000
                        }
                        {
                            [ mp4a ]
                        }
                        [ stts ]
                        [ stsz ]
                        [ stsc ]
                        [ co64 ]
                    }
                }
            }
        }
        [ trak ]
        {
            [ tkhd ]
            {
                - Version:           0
                - Flags:             0x00000007
                - Creation time:     3696489482
                - Modification time: 3696489482
                - Track ID:          2
                - Duration:          2234
                - Layer:             0
                - Alternate group:   0
                - Volume:            0
                - Matrix:            { a = 1073741824, b = 0, u = 0, c = 0, d = 0, v = 4294901760, x = 0, y = 65536, w = 0 }
                - Width:             1920.000000
                - Height:            1080.000000
            }
            [ mdia ]
            {
                [ mdhd ]
                [ hdlr ]
                {
                    - Version:      0
                    - Flags:        0x00000000
                    - Handler type: vide
                    - Handler name: VideoHandle
                }
                [ minf ]
                {
                    [ vmhd ]
                    [ dinf ]
                    {
                        [ dref ]
                        {
                            - Version: 0
                            - Flags:   0x00000000
                        }
                        {
                            [ url  ]
                            {
                                - Version: 0
                                - Flags:   0x00000001
                            }
                        }
                    }
                    [ stbl ]
                    {
                        [ stsd ]
                        {
                            - Version: 0
                            - Flags:   0x00000000
                        }
                        {
                            [ avc1 ]
                        }
                        [ stts ]
                        [ stss ]
                        [ stsz ]
                        [ stsc ]
                        [ co64 ]
                    }
                }
            }
        }
    }
    [ free ]
    [ mdat ]
}

[clanmills]

@JensZuzu Please provide your test file, and I will investigate.

[1div0]

I could take a l👀k at the sample file as well.

[clanmills]

We need to test file to make progress.

Its hard to believe this bug is true. The value box_length == 1751411826 is the uint32_t little-endian of the 'hdlr'.

1259 rmills@rmillsm1:~ $ echo -n 'hdlr' | dmpf endian=1 hex=0 bs=4 -
       0        0: hdlr                              ->  1751411826
1260 rmills@rmillsm1:~ $ 

A box is 8bytes with a 4byte type and a 4byte length, so I wonder why we'd cast type to length. There's a way to have an 8byte length and perhaps we've encountered that.

I've found samples here: https://www.dpreview.com/forums/thread/4632208.

1252 rmills@rmillsm1:~ $ exiv2 -pe -g Model -g Maker ~/Downloads/DSC00032.HIF | grep -v MakerNote
Exif.Image.Model                             Ascii       9  ILCE-7M4
Exif.Sony1.SonyModelID                       Short       1  388
Exif.SonyMisc3c.ModelReleaseYear             Byte        1  255
Exif.Photo.LensModel                         Ascii      18  FE 28-60mm F4-5.6
1253 rmills@rmillsm1:~ $ 

Those files don't have a MOOV box which is shown in the ISOBMFF-Dump output above.

There are samples here (JPEG and DNG, no HEIF): https://www.photographyblog.com/reviews/sony_xperia_pro_i_review#sample_images

Exif.Image.UniqueCameraModel                 Ascii      18  XQ-BE52-Sony-Sony
1232 rmills@rmillsm1:~/gnu/github/exiv2/main $ exiv2 --verbose -pe -g Maker/i -g Model/i ~/Downloads/*.dng
File 1/1: /Users/rmills/Downloads/sony_xperia_pro_i_01.dng
Exif.Image.Model                             Ascii       8  XQ-BE52
Exif.Image.UniqueCameraModel                 Ascii      18  XQ-BE52-Sony-Sony
1233 rmills@rmillsm1:~/gnu/github/exiv2/main $ 

I unsuccessfully searched the raw image stores mentioned in my book: https://exiv2.org/book/index.html#8-6

@1div0. I'm going to close this. Can you email me when @JensZuzu provides a test image and I will reopen the issue and investigate.

[kmilos]

Hang on, this is a video file, no?

I don't think it should end up in the bmffimage handler anyway, we should probably discard 'mp42' ftyp just like we used to do the qt one and let the quicktimevideo handler give it a go?

Edit: Unfortunately, on 0.27.x we check isBmffType before isQTimeType, and we don't discard mp42 (or any of the plethora of video filetypes apart from qt )... Thankfully, it's already flipped on main, so give that a go instead.

[clanmills]

You're right @kmilos. It's a video file. I realised that about 10 seconds after closing the bug. I know that work is being done on video/main.

It sounds as though you have dealt with this on main.

As it involved video, I'm not getting further involved. The issue can be reopened when a test file is provided.