Fixes a panic that can be caused by bad input data

rwcarlsen / goexif

Decode embedded EXIF meta data from image files.

BSD 2-Clause "Simplified" License

627 stars 134 forks source link

Fixes a panic that can be caused by bad input data #49

Closed ssoroka closed 5 years ago

ssoroka commented 7 years ago

Found this panic using go-fuzz.

Relevant panic output was:

panic: runtime error: index out of range

goroutine 1 [running]:
github.com/rwcarlsen/goexif/exif.(*parser).Parse(0xb0c2b0, 0xc4200161b0, 0xc4200161e0, 0x0)
github.com/rwcarlsen/goexif/exif/exif.go:147 +0x4c5
github.com/rwcarlsen/goexif/exif.Decode(0xac2ba0, 0xc420016090, 0xc42054fab8, 0x1051e, 0xc420016090)
github.com/rwcarlsen/goexif/exif/exif.go:287 +0x6ea
[...]

I can provide the input that triggered the crash if required.

ssoroka commented 7 years ago

resolves https://github.com/rwcarlsen/goexif/issues/39

xor-gate commented 7 years ago

@ssoroka It seems the author is not very active in this project anymore, many forks have been created. I would like to make this stable and I created goexif2 which integrates your patch: https://github.com/xor-gate/goexif2/commit/c654e02dde9e792a47fffbef9b73a0409083dcfb