Compatibility with PNG images with zero-length EXIF chunk

[jkh19]

Describe the issue While using the Sharp library in a downstream application, we've encountered >100 images that could not be processed due to Input file has corrupt header: pngload: reached chunk/cache limits errors.

After reporting the issue to the Sharp library, it was discovered that the root cause is that these PNG images have zero-length chunks for the EXIF chunk, which must be at least 4 bytes to determine endianness.

It was suggested to open this upstream issue with a link to https://github.com/randy408/libspng/issues/14 to see if this use case falls under the category of conformance vs compatibility.

To Reproduce

Attempt to use the following PNG image with the library:

Receive Input file has corrupt header: pngload: reached chunk/cache limits.

Platform (please complete the following information):

  System:
    OS: Windows 10 10.0.22621
    CPU: (12) ia32 Intel(R) Core(TM) i7-10850H CPU @ 2.70GHz
    Memory: 3.55 GB / 31.75 GB
  Binaries:
    Node: 14.16.1 - C:\Program Files (x86)\nodejs\node.EXE
    npm: 6.14.12 - C:\Program Files (x86)\nodejs\npm.CMD
  npmPackages:
    sharp: ^0.32.0 => 0.32.0

Additional analysis of PNG file

> pngchunks github.png
Chunk: Data Length 13 (max 2147483647), Type 1380206665 [IHDR]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IHDR Width: 474
  IHDR Height: 203
  IHDR Bitdepth: 8
  IHDR Colortype: 6
  IHDR Compression: 0
  IHDR Filter: 0
  IHDR Interlace: 0
  IHDR Compression algorithm is Deflate
  IHDR Filter method is type zero (None, Sub, Up, Average, Paeth)
  IHDR Interlacing is disabled
  Chunk CRC: -921087451
Chunk: Data Length 9 (max 2147483647), Type 1935231088 [pHYs]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: -1792340453
Chunk: Data Length 0 (max 2147483647), Type 1716082789 [eXIf]
  Ancillary, public, PNG 1.2 compliant, safe to copy
  ... Unknown chunk type
  Chunk CRC: -898001148
Chunk: Data Length 65535 (max 2147483647), Type 1413563465 [IDAT]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IDAT contains image data
  Chunk CRC: 184233720
Chunk: Data Length 1462 (max 2147483647), Type 1413563465 [IDAT]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IDAT contains image data
  Chunk CRC: -1722838905
Chunk: Data Length 0 (max 2147483647), Type 1145980233 [IEND]
  Critical, public, PNG 1.2 compliant, unsafe to copy
  IEND contains no data
  Chunk CRC: -1371381630

> identify -verbose github.png
Image: github.png
  Format: PNG (Portable Network Graphics)
  Mime type: image/png
  Class: DirectClass
  Geometry: 474x203+0+0
  Resolution: 37.8x37.8
  Print size: 12.5397x5.37037
  Units: PixelsPerCentimeter
  Type: TrueColorAlpha
  Endianess: Undefined
  Colorspace: sRGB
  Depth: 8-bit
  Channel depth:
    red: 8-bit
    green: 8-bit
    blue: 8-bit
    alpha: 1-bit
  Channel statistics:
    Pixels: 96222
    Red:
      min: 0 (0)
      max: 255 (1)
      mean: 203.356 (0.797476)
      standard deviation: 80.0715 (0.314006)
      kurtosis: 0.68982
      skewness: -1.49184
      entropy: 0.667276
    Green:
      min: 0 (0)
      max: 255 (1)
      mean: 206.761 (0.810826)
      standard deviation: 79.2277 (0.310697)
      kurtosis: 0.793384
      skewness: -1.51669
      entropy: 0.645526
    Blue:
      min: 0 (0)
      max: 255 (1)
      mean: 208.438 (0.817405)
      standard deviation: 78.8095 (0.309057)
      kurtosis: 0.841869
      skewness: -1.52802
      entropy: 0.600285
    Alpha:
      min: 255 (1)
      max: 255 (1)
      mean: 255 (1)
      standard deviation: 0 (0)
      kurtosis: 0
      skewness: 0
      entropy: 0
  Image statistics:
    Overall:
      min: 0 (0)
      max: 255 (1)
      mean: 154.639 (0.606427)
      standard deviation: 68.7376 (0.269559)
      kurtosis: 6.81664
      skewness: -2.02606
      entropy: 0.478272
  Rendering intent: Perceptual
  Gamma: 0.454545
  Chromaticity:
    red primary: (0.64,0.33)
    green primary: (0.3,0.6)
    blue primary: (0.15,0.06)
    white point: (0.3127,0.329)
  Background color: white
  Border color: srgba(223,223,223,1)
  Matte color: grey74
  Transparent color: none
  Interlace: None
  Intensity: Undefined
  Compose: Over
  Page geometry: 474x203+0+0
  Dispose: Undefined
  Iterations: 0
  Compression: Zip
  Orientation: Undefined
  Properties:
    date:create: 2023-04-19T23:25:28-04:00
    date:modify: 2023-04-19T23:25:27-04:00
    png:IHDR.bit-depth-orig: 8
    png:IHDR.bit_depth: 8
    png:IHDR.color-type-orig: 6
    png:IHDR.color_type: 6 (RGBA)
    png:IHDR.interlace_method: 0 (Not interlaced)
    png:IHDR.width,height: 474, 203
    png:pHYs: x_res=3780, y_res=3780, units=1
    png:sRGB: intent=0 (Perceptual Intent)
    signature: 59f9052a04db41e378cd7aefb15703cf0d39f23bf56a6ca8a537298b4e662c1a
  Artifacts:
    filename: github.png
    verbose: true
  Tainted: False
  Filesize: 67.1KB
  Number pixels: 96.2K
  Pixels per second: 9.622MB
  User time: 0.000u
  Elapsed time: 0:01.010
  Version: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org
identify-im6.q16: eXIf: too short `github.png' @ warning/png.c/MagickPNGWarningHandler/1654.

[randy408]

It is supposed to ignore zero-length EXIF's, but a missing length check turned into an internal error.

The fix will be shipped in a new release soon.

[jkh19]

@randy408 - Great, thanks for merging in the fix.

Do you happen to have a general idea around a planned release schedule? I am just trying to weigh the option of investigating workarounds in the meantime.

Thanks!

[randy408]

I'd say less than a week for a new stable release.