From a55f36211efe1bb0d6717c8545366120bd6dfd9f Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Mon, 21 Nov 2016 15:17:03 -0800 Subject: Fix the JPEG EXIF reader to deal with some broken/corrupt files We parse the EXIF header in order to get the proper orientation, so let's be a bit more careful in what we accept. This patch adds better handling for reading past the end of the stream, plus it limits the number of IFDs read (to avoid processing too much data) and deals with a pathological case of the EXIF file format: EXIF (due to its TIFF origins) permits the offset to the next IFD to be backwards in the file, which means it could result in a loop or pointing to plain corrupt data. We disallow any backwards pointers, since it seems that's what other decoders do (libexif, for example). Change-Id: Iaeecaffe26af4535b416fffd1489332db92e3888 (cherry picked from 5.6 commit 02150649f95b8f46f826e6e002be3fa0b6d009bc) Reviewed-by: Allan Sandfeld Jensen --- .../images/jpeg_exif_invalid_data_too_many_tags.jpg | Bin 0 -> 910 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg (limited to 'tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg') diff --git a/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg new file mode 100644 index 0000000000..6a080aada7 Binary files /dev/null and b/tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg differ -- cgit v1.2.3
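Review bot: the only file in this view, tests/auto/gui/image/qimage/images/jpeg_exif_invalid_data_too_many_tags.jpg, is an opaque 910-byte binary fixture, and nothing visible records which of the cases in the commit message it exercises. The message names three behaviours (reads past the end of the stream, a cap on the number of IFDs, and rejection of backward next-IFD offsets), while the file name speaks of "too many tags" rather than too many IFDs, so it is unclear whether the IFD cap or the backward-offset loop is covered at all. Please note in the test that loads this image, or in the commit message, how the file was constructed and which check it is expected to trip, and add separate fixtures for the backward-pointer and truncated-stream cases if this one does not reach them.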
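The three checks the commit message describes (stopping at the end of the data, limiting the number of IFDs, and refusing backward next-IFD offsets), shown as an added example. This is not Qt's code: `walkIfds`, `Reader`, `ExifWalk` and the cap `kMaxIfds = 8` are names and values assumed for illustration.

```cpp
// Added example (not Qt's code): defensive walk of the IFD chain in a TIFF/EXIF blob.
#include <cstdint>
#include <cstddef>
#include <vector>

enum class ExifWalk { Ok, BadHeader, Truncated, BackwardOffset, TooManyIfds };

constexpr int kMaxIfds = 8; // assumed cap for this example, not the value Qt uses

struct Reader {
    const std::vector<uint8_t> &d;
    bool bigEndian;
    // Read an n-byte unsigned value at off; false if it would pass the end of the data.
    bool rd(uint64_t off, int n, uint32_t &v) const {
        if (off > d.size() || d.size() - off < uint64_t(n)) return false;
        v = 0;
        for (int i = 0; i < n; ++i)
            v = (v << 8) | d[size_t(off) + (bigEndian ? i : n - 1 - i)];
        return true;
    }
};

// tiff starts at the TIFF header ("II"/"MM"), i.e. just after the "Exif\0\0" marker.
ExifWalk walkIfds(const std::vector<uint8_t> &tiff, int &ifdsSeen)
{
    ifdsSeen = 0;
    if (tiff.size() < 8) return ExifWalk::Truncated;
    if (tiff[0] != tiff[1] || (tiff[0] != 'I' && tiff[0] != 'M')) return ExifWalk::BadHeader;
    Reader r{tiff, tiff[0] == 'M'};
    uint32_t magic = 0, next = 0, count = 0;
    if (!r.rd(2, 2, magic) || magic != 42) return ExifWalk::BadHeader;
    if (!r.rd(4, 4, next)) return ExifWalk::Truncated;
    uint64_t minNext = 8; // first byte after everything parsed so far
    while (next != 0) {
        if (next < minNext) return ExifWalk::BackwardOffset; // would loop or overlap
        if (ifdsSeen == kMaxIfds) return ExifWalk::TooManyIfds;
        if (!r.rd(next, 2, count)) return ExifWalk::Truncated;
        uint64_t link = uint64_t(next) + 2 + uint64_t(count) * 12; // 12 bytes per entry
        if (!r.rd(link, 4, next)) return ExifWalk::Truncated;
        minNext = link + 4;
        ++ifdsSeen;
    }
    return ExifWalk::Ok;
}
```

An IFD whose entry count claims more tags than the data holds is caught by the same bounds check, because the next-IFD link is then computed to lie past the end of the buffer.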