Changeset 12383

Timestamp:
10/12/07 16:29:29 (1 year ago)
Author:
warmerdam
Message:

avoid crashing given corrupt exif info, better error checking (#1904)

Files:

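--- a/branches/1.4/gdal/frmts/jpeg/jpgdataset.cpp
+++ b/branches/1.4/gdal/frmts/jpeg/jpgdataset.cpp
@@ -398,9 +398,12 @@
 /*      Read number of entry in directory                               */
 /* -------------------------------------------------------------------- */
-    VSIFSeekL(fp, nOffset+nTIFFHEADER, SEEK_SET);
-
-    if(VSIFReadL(&nEntryCount,1,sizeof(GUInt16),fp) != sizeof(GUInt16)) 
+    if( VSIFSeekL(fp, nOffset+nTIFFHEADER, SEEK_SET) != 0 
+        || VSIFReadL(&nEntryCount,1,sizeof(GUInt16),fp) != sizeof(GUInt16) )
+    {
         CPLError( CE_Failure, CPLE_AppDefined,
-                  "Error directory count");
+                  "Error reading EXIF Directory count at %d.",
+                  nOffset + nTIFFHEADER );
+        return CE_Failure;
+    }
 
     if (bSwabflag)
@@ -411,9 +414,21 @@
         return CE_None;
 
+    // Some files are corrupt, a large entry count is a sign of this.
+    if( nEntryCount > 125 )
+    {
+        CPLError( CE_Warning, CPLE_AppDefined,
+                  "Ignoring EXIF directory with unlikely entry count (%d).",
+                  nEntryCount );
+        return CE_Warning;
+    }
+
     poTIFFDir = (TIFFDirEntry *)CPLMalloc(nEntryCount * sizeof(TIFFDirEntry));
 
     if (poTIFFDir == NULL) 
+    {
         CPLError( CE_Failure, CPLE_AppDefined,
                   "No space for TIFF directory");
+        return CE_Failure;
+    }
   
 /* -------------------------------------------------------------------- */
@@ -422,6 +437,9 @@
     n = VSIFReadL(poTIFFDir, 1,nEntryCount*sizeof(TIFFDirEntry),fp);
     if (n != nEntryCount*sizeof(TIFFDirEntry)) 
+    {
         CPLError( CE_Failure, CPLE_AppDefined,
                   "Could not read all directories");
+        return CE_Failure;
+    }
 
 /* -------------------------------------------------------------------- */
@@ -440,4 +458,5 @@
 /* -------------------------------------------------------------------- */
         pszName[0] = '\0';
+        pszTemp[0] = '\0';
 
         for (poExifTags = tagnames; poExifTags->tag; poExifTags++)
@@ -560,6 +579,6 @@
 /*      The data is being read where tdir_offset point to in the file   */
 /* -------------------------------------------------------------------- */
-        else {
-
+        else if (space > 0 && space < MAXSTRINGLENGTH) 
+        {
             unsigned char *data = (unsigned char *)CPLMalloc(space);
 
@@ -602,4 +621,10 @@
             }
         }
+        else
+        {
+            CPLError( CE_Warning, CPLE_AppDefined,
+                      "Invalid EXIF header size: %ld, ignoring tag.", space );
+        }
+
         papszMetadata = CSLSetNameValue(papszMetadata, pszName, pszTemp);
     }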
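Review bot: The `return CE_Failure;` added after the short-read check on `VSIFReadL(poTIFFDir, ...)` exits without releasing `poTIFFDir`, which was allocated with `CPLMalloc` a few lines earlier, so each truncated or corrupt EXIF directory that reaches this branch leaks the buffer. Because this path is taken precisely for malformed input, a process that opens many untrusted JPEGs would accumulate the leak; put `CPLFree(poTIFFDir);` before that return. The function body starts and ends outside the visible hunks, so any other exit after the allocation should be checked the same way. Separately, the limit `125` in `if( nEntryCount > 125 )` would read better as a named constant with a comment saying where the bound comes from.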