summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorThiago Macieira <thiago.macieira@intel.com>2016-11-21 15:17:03 -0800
committerJani Heikkinen <jani.heikkinen@qt.io>2016-12-01 08:17:04 +0000
commita55f36211efe1bb0d6717c8545366120bd6dfd9f (patch)
tree74bb85f764c2e477715b38f77de63657b42e9d28 /tests
parentdb6c31af0177025f178cb42d5febbdc47dc87778 (diff)
Fix the JPEG EXIF reader to deal with some broken/corrupt filesv5.7.1
We parse the EXIF header in order to get the proper orientation, so let's be a bit more careful in what we accept. This patch adds better handling for reading past the end of the stream, plus it limits the number of IFDs read (to avoid processing too much data) and deals with a pathological case of the EXIF file format: EXIF (due to its TIFF origins) permits the offset to the next IFD to be backwards in the file, which means it could result in a loop or pointing to plain corrupt data. We disallow any backwards pointers, since it seems that's what other decoders do (libexif, for example). Change-Id: Iaeecaffe26af4535b416fffd1489332db92e3888 (cherry picked from 5.6 commit 02150649f95b8f46f826e6e002be3fa0b6d009bc) Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'tests')
-rw-r--r--tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpgbin0 -> 910 bytes
-rw-r--r--tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpgbin0 -> 910 bytes
-rw-r--r--tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpgbin0 -> 964 bytes
-rw-r--r--tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpgbin0 -> 910 bytes
-rw-r--r--tests/auto/gui/image/qimage/tst_qimage.cpp17
5 files changed, 14 insertions, 3 deletions
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg
new file mode 100644
index 0000000000..164d3080a3
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_back_pointers.jpg
Binary files differ
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg
new file mode 100644
index 0000000000..7e2451e6f9
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_past_end.jpg
Binary files differ
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg
new file mode 100644
index 0000000000..52c6a93f08
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_ifds.jpg
Binary files differ
diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg
new file mode 100644
index 0000000000..6a080aada7
--- /dev/null
+++ b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg
Binary files differ
diff --git a/tests/auto/gui/image/qimage/tst_qimage.cpp b/tests/auto/gui/image/qimage/tst_qimage.cpp
index 85d258de5b..26772d5655 100644
--- a/tests/auto/gui/image/qimage/tst_qimage.cpp
+++ b/tests/auto/gui/image/qimage/tst_qimage.cpp
@@ -183,7 +183,8 @@ private slots:
void exifOrientation();
void exif_QTBUG45865();
- void exif_invalid_data_QTBUG46870();
+ void exifInvalidData_data();
+ void exifInvalidData();
void cleanupFunctions();
@@ -3028,10 +3029,20 @@ void tst_QImage::exif_QTBUG45865()
QCOMPARE(image.size(), QSize(5, 8));
}
-void tst_QImage::exif_invalid_data_QTBUG46870()
+void tst_QImage::exifInvalidData_data()
+{
+ QTest::addColumn<bool>("$never used");
+ QTest::newRow("QTBUG-46870");
+ QTest::newRow("back_pointers");
+ QTest::newRow("past_end");
+ QTest::newRow("too_many_ifds");
+ QTest::newRow("too_many_tags");
+}
+
+void tst_QImage::exifInvalidData()
{
QImage image;
- QVERIFY(image.load(m_prefix + "jpeg_exif_invalid_data_QTBUG-46870.jpg"));
+ QVERIFY(image.load(m_prefix + "jpeg_exif_invalid_data_" + QTest::currentDataTag() + ".jpg"));
QVERIFY(!image.isNull());
}