From 15d99996bda885b95b2e6d77c8659c10037c1ab1 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sat, 31 Jul 2021 15:36:02 +0100
Subject: [PATCH 1/2] Regression test for
 https://github.com/Exiv2/exiv2/issues/1819

---
 test/data/issue_1819_poc.exv             | Bin 0 -> 1088 bytes
 tests/bugfixes/github/test_issue_1819.py |  41 +++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 test/data/issue_1819_poc.exv
 create mode 100644 tests/bugfixes/github/test_issue_1819.py

diff --git a/test/data/issue_1819_poc.exv b/test/data/issue_1819_poc.exv
new file mode 100644
index 0000000000000000000000000000000000000000..7c327e6262cfe2722e92707477656e3d2290551f
GIT binary patch
literal 1088
zcmZux%W~Q<6m2(IFx_Uaakki!4F#;R$pn~mSTK`9KA^&uL8)J{#EjEl>15k)>#nPI
z+g{0r07VPUNcY@xALmNJZC$eHD_3aEHzE(MUwkX9+i@qTX`PiBR}9rznoC-T7K;nl
z@od-aS>p~0syLy`*?nt=Q)q3K@-gwS=h<+!rI#yK+qt~a4voi*%cv5i5=D+Q16vn6
z6<QY9QA-s^hUw?;Ke>|FbzFRGg|v*hq*&(Ifuz>liHZ!@tOPJQ2QL<TIL@W>`n`om
ze94oWW8!jKs6uXw1HHx{=u7<fdJp(7j1oyxefc9UPBY-OXiXHK5aK%F<k20{KC#J=
z5@K?J>gb|~Me;IZiieg*{BtX463;W9OK2eg+<|e_aVU$JV%iZ5Lyy41uHFqoCrK~+
zO^dXsRxk+=vG0HE_T8a3GP|$$9)aB-84*zsM^p)waxG~q>Rqau6MFx_%tb23>ZJs>
z>xuQcVdK-4Z$gWIv61ssZUU^Q0Pt5=@65V7UM55{IH}O%K~tu^Ydhu%v&NHj$I<F}
z$108<xm4(0q+FuUJN7NEm}>6Ux+4Oac+nwVlf8+)Pd~sXwdqRZw{dMMY%4X;bE9^U
zyY&-~6m;e=PZZjlRiG;Lqi3XeGtH;dhpI>*>(G+RPZKmB4f@?a@du=PH|+VYHzZSd
zaM(l-jD{1T<O8o(EGth`Sn=mpg}nx&OV#dS0lv)E_#C}cAZ_m8wZqSV4`0K$^AE<5
BM0WrH

literal 0
HcmV?d00001

diff --git a/tests/bugfixes/github/test_issue_1819.py b/tests/bugfixes/github/test_issue_1819.py
new file mode 100644
index 0000000000..a2e5d3e681
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_1819.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, CopyTmpFiles, path, check_no_ASAN_UBSAN_errors
+
+class EmptyStringXmpTextValueRead(metaclass=CaseMeta):
+    """
+    Regression test for the bug described in:
+    https://github.com/Exiv2/exiv2/issues/1819
+    """
+    url = "https://github.com/Exiv2/exiv2/issues/1819"
+
+    filename = path("$data_path/issue_1819_poc.exv")
+    commands = ["$exiv2 -q $filename"]
+    stdout = ["""File name       : $filename
+File size       : 1088 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
+Thumbnail       : None
+Camera make     : 
+Camera model    : 
+Image timestamp : 
+File number     : 
+Exposure time   : 
+Aperture        : 
+Exposure bias   : 
+Flash           : 
+Flash bias      : 
+Focal length    : 
+Subject distance: 
+ISO speed       : 
+Exposure mode   : 
+Metering mode   : 
+Macro mode      : 
+Image quality   : 
+White balance   : 
+Copyright       : 
+Exif comment    : 
+
+"""]
+    stderr = [""]
+    retval = [0]

From 644aaaac92b830e0f4fbeb124a80bf7404a7dd3b Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sat, 31 Jul 2021 15:59:11 +0100
Subject: [PATCH 2/2] Check that the string isn't empty

---
 src/value.cpp                                 | 23 +++++++++----------
 .../github/test_issue_ghsa_v5g7_46xf_h728.py  | 11 +++++----
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/src/value.cpp b/src/value.cpp
index f98ab20392..3092423db9 100644
--- a/src/value.cpp
+++ b/src/value.cpp
@@ -422,13 +422,11 @@ namespace Exiv2 {
         std::string c = comment;
         CharsetId charsetId = undefined;
         if (comment.length() > 8 && comment.substr(0, 8) == "charset=") {
-            std::string::size_type pos = comment.find_first_of(' ');
+            const std::string::size_type pos = comment.find_first_of(' ');
             std::string name = comment.substr(8, pos-8);
             // Strip quotes (so you can also specify the charset without quotes)
-            if (!name.empty()) {
-                if (name[0] == '"') name = name.substr(1);
-                if (name[name.length()-1] == '"') name = name.substr(0, name.length()-1);
-            }
+            if (!name.empty() && name[0] == '"') name = name.substr(1);
+            if (!name.empty() && name[name.length()-1] == '"') name = name.substr(0, name.length()-1);
             charsetId = CharsetInfo::charsetIdByName(name);
             if (charsetId == invalidCharsetId) {
 #ifndef SUPPRESS_WARNINGS
@@ -624,12 +622,9 @@ namespace Exiv2 {
         if (buf.length() > 5 && buf.substr(0, 5) == "type=") {
             std::string::size_type pos = buf.find_first_of(' ');
             type = buf.substr(5, pos-5);
-            if (type.empty()) {
-                throw Error(kerInvalidXmpText, type);
-            }
             // Strip quotes (so you can also specify the type without quotes)
-            if (type[0] == '"') type = type.substr(1);
-            if (type[type.length()-1] == '"') type = type.substr(0, type.length()-1);
+            if (!type.empty() && type[0] == '"') type = type.substr(1);
+            if (!type.empty() && type[type.length()-1] == '"') type = type.substr(0, type.length()-1);
             b.clear();
             if (pos != std::string::npos) b = buf.substr(pos+1);
         }
@@ -788,8 +783,12 @@ namespace Exiv2 {
             static const char* ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
             static const char* ALPHA_NUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
             
-            std::string::size_type pos = buf.find_first_of(' ');
-            lang = buf.substr(5, pos-5);
+            const std::string::size_type pos = buf.find_first_of(' ');
+            if (pos == std::string::npos) {
+                lang = buf.substr(5);
+            } else {
+                lang = buf.substr(5, pos-5);
+            }
             if (lang.empty()) throw Error(kerInvalidLangAltValue, buf);
             // Strip quotes (so you can also specify the language without quotes)
             if (lang[0] == '"') {
diff --git a/tests/bugfixes/github/test_issue_ghsa_v5g7_46xf_h728.py b/tests/bugfixes/github/test_issue_ghsa_v5g7_46xf_h728.py
index de68afc222..5f3424f350 100644
--- a/tests/bugfixes/github/test_issue_ghsa_v5g7_46xf_h728.py
+++ b/tests/bugfixes/github/test_issue_ghsa_v5g7_46xf_h728.py
@@ -11,8 +11,11 @@ class Jp2ImageEncodeJp2HeaderOutOfBoundsRead2(metaclass=CaseMeta):
 
     filename = path("$data_path/issue_ghsa_v5g7_46xf_h728_poc.exv")
     commands = ["$exiv2 $filename"]
-    stdout = [""]
-    stderr = ["""Exiv2 exception in print action for file $filename:
-Invalid XmpText type `'
+    stdout = ["""File name       : $filename
+File size       : 276 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
 """]
-    retval = [1]
+    stderr = ["""$filename: No Exif data found in the file
+"""]
+    retval = [253]