author | Thiago Macieira <thiago.macieira@intel.com> | 2016-11-21 15:17:03 -0800 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2016-11-30 18:03:07 +0000 |
commit | 02150649f95b8f46f826e6e002be3fa0b6d009bc (patch) | |
tree | 670e2a17963ce60e263244a380262632904829c3 /tests | |
parent | 2cfcd8a63e03783b76a36a9f96ff9c754cf06294 (diff) |
Fix the JPEG EXIF reader to deal with some broken/corrupt files
We parse the EXIF header in order to get the proper orientation, so
let's be a bit more careful in what we accept. This patch adds better
handling for reading past the end of the stream, plus it limits the
number of IFDs read (to avoid processing too much data) and deals with a
pathological case of the EXIF file format: EXIF (due to its TIFF
origins) permits the offset to the next IFD to be backwards in the file,
which means it could result in a loop or pointing to plain corrupt data.
We disallow any backwards pointers, since it seems that's what other
decoders do (libexif, for example).
Change-Id: Iaeecaffe26af4535b416fffd1489332db92e3888
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg | bin | 0 -> 910 bytes | |||
-rw-r--r-- | tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg | bin | 0 -> 910 bytes | |||
-rw-r--r-- | tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg | bin | 0 -> 964 bytes | |||
-rw-r--r-- | tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg | bin | 0 -> 910 bytes | |||
-rw-r--r-- | tests/auto/gui/image/qimage/tst_qimage.cpp | 17 |
5 files changed, 14 insertions, 3 deletions
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg
Binary files differ
new file mode 100644
index 0000000000..164d3080a3
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg
Binary files differ
new file mode 100644
index 0000000000..7e2451e6f9
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg
Binary files differ
new file mode 100644
index 0000000000..52c6a93f08
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg
Binary files differ
new file mode 100644
index 0000000000..6a080aada7
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg
diff --git a/tests/auto/gui/image/qimage/tst_qimage.cpp b/tests/auto/gui/image/qimage/tst_qimage.cpp
index 6f088bea24..28908bf230 100644
--- a/tests/auto/gui/image/qimage/tst_qimage.cpp
+++ b/tests/auto/gui/image/qimage/tst_qimage.cpp
@@ -187,7 +187,8 @@ private slots:
 void exifOrientation();
 void exif_QTBUG45865();
- void exif_invalid_data_QTBUG46870();
+ void exifInvalidData_data();
+ void exifInvalidData();
 void cleanupFunctions();
@@ -2981,10 +2982,20 @@ void tst_QImage::exif_QTBUG45865()
 QCOMPARE(image.size(), QSize(5, 8));
 }
-void tst_QImage::exif_invalid_data_QTBUG46870()
+void tst_QImage::exifInvalidData_data()
+{
+ QTest::addColumn<bool>("$never used");
+ QTest::newRow("QTBUG-46870");
+ QTest::newRow("back_pointers");
+ QTest::newRow("past_end");
+ QTest::newRow("too_many_ifds");
+ QTest::newRow("too_many_tags");
+}
+
+void tst_QImage::exifInvalidData()
 {
 QImage image;
- QVERIFY(image.load(m_prefix + "jpeg_exif_invalid_data_QTBUG-46870.jpg"));
+ QVERIFY(image.load(m_prefix + "jpeg_exif_invalid_data_" + QTest::currentDataTag() + ".jpg"));
 QVERIFY(!image.isNull());
 }
|
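Review bot: The two assertions in `exifInvalidData()` only prove that `load()` returns true and the image is non-null, so a parser that still reads past the end of the EXIF data on `past_end` or `too_many_tags` would pass this test in an ordinary build. A comment above the function should say so, for example `// Corrupt EXIF must not fail the load; over-reads only show up when this runs under ASan or valgrind`. In `exifInvalidData_data()` the placeholder column deserves a line as well, such as `// no columns needed: the row tag selects jpeg_exif_invalid_data_<tag>.jpg`, since each row must have a matching fixture under images/. If the fixtures' dimensions are known, a `QCOMPARE(image.size(), ...)` per row would also confirm that the bogus orientation data was ignored rather than applied; the expected sizes are not visible on this page.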