Closed joeshaw closed 5 years ago
I've started running https://github.com/dvyukov/go-fuzz against goexif. One panic I've seen is:
```
panic: runtime error: index out of range

goroutine 1 [running]:
github.com/rwcarlsen/goexif/exif.(*parser).Parse(0x2b3f60, 0x20832e510, 0x0, 0x0)
	/var/folders/69/cstplpp51jz6f9_5m_m__3gh0000gq/T/go-fuzz-build329778221/src/github.com/rwcarlsen/goexif/exif/exif.go:147 +0x77a
github.com/rwcarlsen/goexif/exif.Decode(0x2208307a30, 0x208312080, 0x2b3d58, 0x0, 0x0)
	/var/folders/69/cstplpp51jz6f9_5m_m__3gh0000gq/T/go-fuzz-build329778221/src/github.com/rwcarlsen/goexif/exif/exif.go:287 +0xec4
github.com/joeshaw/goexif-fuzz.Fuzz(0x22084b6000, 0x1a45, 0x200000, 0x1)
	/var/folders/69/cstplpp51jz6f9_5m_m__3gh0000gq/T/go-fuzz-build329778221/src/github.com/joeshaw/goexif-fuzz/fuzz.go:10 +0x133
github.com/dvyukov/go-fuzz/go-fuzz-dep.Main(0x21c378)
	/Users/joeshaw/src/gosrc/src/github.com/dvyukov/go-fuzz/go-fuzz-dep/main.go:44 +0x13d
main.main()
	/var/folders/69/cstplpp51jz6f9_5m_m__3gh0000gq/T/go-fuzz-build329778221/src/go-fuzz-main/main.go:10 +0x2a
```
This is because `x.Tiff.Dirs` has length 0. The exact data fed in is:
"II*\x00\x00\x00\x00\x00"
I'm not sure about what the right level to fix this is. I see a few options:

- `tiff.Tiff` with `len(t.Dirs) == 0`? If not, an error should probably be thrown from `tiff.Decode()`.
- `exif.parser.Parse()` should check `len(x.Tiff.Dirs)` before accessing the first element and error out.

Fixed by #49
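
The length check proposed in the issue, as an added example that is not goexif's code and not part of the original thread: `parseDirs` and `firstDir` are hypothetical, simplified stand-ins for `tiff.Decode()` and the first-element access in `exif.parser.Parse()`. It shows why the reported input passes header validation yet yields zero directories (its first-IFD offset is 0), and returns an error at that point instead of indexing an empty slice.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errNoDirs = errors.New("tiff: header is valid but contains no IFD")

// parseDirs (hypothetical, simplified) validates the header and walks the IFD chain.
func parseDirs(b []byte) ([]uint32, error) {
	if len(b) < 8 {
		return nil, errors.New("tiff: short header")
	}
	orders := map[string]binary.ByteOrder{"II": binary.LittleEndian, "MM": binary.BigEndian}
	bo, ok := orders[string(b[:2])]
	if !ok || bo.Uint16(b[2:4]) != 42 {
		return nil, errors.New("tiff: bad byte-order mark or magic number")
	}
	var dirs []uint32
	for off := bo.Uint32(b[4:8]); off != 0; {
		if uint64(off)+2 > uint64(len(b)) || len(dirs) > len(b) {
			return nil, errors.New("tiff: out-of-range or looping IFD offset")
		}
		next := uint64(off) + 2 + 12*uint64(bo.Uint16(b[off:]))
		if next+4 > uint64(len(b)) {
			return nil, errors.New("tiff: truncated IFD")
		}
		dirs = append(dirs, off)
		off = bo.Uint32(b[next:])
	}
	return dirs, nil // a first-IFD offset of 0 ends the chain at once: zero dirs
}

// firstDir tests len(dirs) before indexing element 0, as the issue proposes.
func firstDir(b []byte) (uint32, error) {
	dirs, err := parseDirs(b)
	if err != nil {
		return 0, err
	}
	if len(dirs) == 0 {
		return 0, errNoDirs
	}
	return dirs[0], nil
}

func main() {
	fmt.Println(firstDir([]byte("II*\x00\x00\x00\x00\x00"))) // input from the issue
}
```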