Panic when checking broken tiff file

image-rs 59358a63822993d10c96ff8d9b062378d3e4f94d

code

fn check_file(file_path: &str) {
    let res = match image::open(file_path) {
        Ok(res) => res,
        Err(e) => {
            eprintln!("Error: {}", e);
            return;
        }
    };

    for format in [
        ImageFormat::Bmp,
        ImageFormat::Farbfeld,
        ImageFormat::Ico,
        ImageFormat::Jpeg,
        ImageFormat::Png,
        ImageFormat::Pnm,
        ImageFormat::Tiff,
        ImageFormat::WebP,
        ImageFormat::Tga,
        ImageFormat::Dds,
        ImageFormat::Hdr,
        ImageFormat::OpenExr,
        ImageFormat::Avif,
        ImageFormat::Qoi,
    ]
        .into_iter()
    {
        let buffer: Vec<u8> = Vec::new();
        if let Err(e) = res.write_to(&mut Cursor::new(buffer), format) {
            eprintln!("Error: {}", e);
        };
    }
}

file - compressed.zip

thread 'main' panicked at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/codecs/tiff.rs:247:21:
source slice length (24300) does not match destination slice length (97200)
stack backtrace:
   0: rust_begin_unwind
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/std/src/panicking.rs:652:5
   1: core::panicking::panic_fmt
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/core/src/panicking.rs:72:14
   2: core::slice::<impl [T]>::copy_from_slice::len_mismatch_fail
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/core/src/slice/mod.rs:3634:13
   3: core::slice::<impl [T]>::copy_from_slice
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/core/src/slice/mod.rs:3641:13
   4: <image::codecs::tiff::TiffDecoder<R> as image::image::ImageDecoder>::read_image
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/codecs/tiff.rs:247:17
   5: <image::codecs::tiff::TiffDecoder<R> as image::image::ImageDecoder>::read_image_boxed
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/codecs/tiff.rs:281:9
   6: <alloc::boxed::Box<T> as image::image::ImageDecoder>::read_image
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/image.rs:720:9
   7: image::image::decoder_to_vec
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/image.rs:607:5
   8: image::dynimage::decoder_to_image
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/dynimage.rs:1113:23
   9: image::dynimage::DynamicImage::from_decoder
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/dynimage.rs:221:9
  10: image::image_reader::image_reader_type::ImageReader<R>::decode
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/image_reader/image_reader_type.rs:271:9
  11: image::dynimage::open
             at /home/runner/.cargo/git/checkouts/image-c1c0bf49fde10069/59358a6/src/dynimage.rs:1175:5
  12: image::check_file
             at ./src/crates/image/src/main.rs:25:21
  13: image::main
             at ./src/crates/image/src/main.rs:20:9
  14: core::ops::function::FnOnce::call_once
             at /rustc/129f3b9964af4d4a709d1383930ade12dfe7c081/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
timeout: the monitored command dumped core

##### Automatic Fuzzer note, output status "None", output signal "Some(6)"

image-rs / image

Panic when checking broken tiff file #2281