From 988bfce1ed059c1fc14c3c298b05ef2a7fb52ad7 Mon Sep 17 00:00:00 2001 From: Vilson Vieira Date: Thu, 31 Dec 2015 16:44:35 -0200 Subject: [PATCH 1/3] Safe check makernote byte on Olympus cameras --- lib/exif/ExifImage.js | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/exif/ExifImage.js b/lib/exif/ExifImage.js index 0910c42..59de097 100644 --- a/lib/exif/ExifImage.js +++ b/lib/exif/ExifImage.js @@ -466,8 +466,13 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, case 0x0001: // unsigned byte, 1 byte per component entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getByte(entry.valueOffset + i)); + for (var i = 0; i < entry.components; i++) { + if (data.getByte(entry.valueOffset + i)) { + entry.value.push(data.getByte(entry.valueOffset + i)); + } else { + break; + } + } break; case 0x0002: // ascii strings, 1 byte per component @@ -1021,4 +1026,4 @@ ExifImage.TAGS = { } -}; \ No newline at end of file +}; From 579c10161212a5725d72d08cf08054d017cf9b20 Mon Sep 17 00:00:00 2001 From: Vilson Vieira Date: Wed, 13 Jan 2016 11:33:44 -0200 Subject: [PATCH 2/3] Safe check data while converting to string --- lib/exif/Buffer.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/exif/Buffer.js b/lib/exif/Buffer.js index ff8cc3b..c426ec8 100644 --- a/lib/exif/Buffer.js +++ b/lib/exif/Buffer.js @@ -33,7 +33,9 @@ Buffer.prototype.getSignedLong = function (offset, bigEndian) { Buffer.prototype.getString = function (offset, length) { var string = []; for (var i = offset; i < offset + length; i++) { - string.push(String.fromCharCode(this[i])); + if (this[i]) { + string.push(String.fromCharCode(this[i])); + } } return string.join(''); -}; \ No newline at end of file +}; From aae0918ea6b9231ab6854bf3805af8f94b686e08 Mon Sep 17 00:00:00 2001 From: Vilson Vieira Date: Sat, 30 Jan 2016 00:39:10 -0200 Subject: [PATCH 3/3] Safe check all formats --- lib/exif/ExifImage.js | 80 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 63 insertions(+), 17 deletions(-) diff --git a/lib/exif/ExifImage.js b/lib/exif/ExifImage.js index 59de097..539e302 100644 --- a/lib/exif/ExifImage.js +++ b/lib/exif/ExifImage.js @@ -427,6 +427,7 @@ ExifImage.prototype.extractExifData = function (data, start, length) { debug("Makernote IFD parsed",exifData.makernote); } + }; ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, isBigEndian, tags) { @@ -461,14 +462,14 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, } else { return false; } - switch (entry.format) { case 0x0001: // unsigned byte, 1 byte per component entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; for (var i = 0; i < entry.components; i++) { - if (data.getByte(entry.valueOffset + i)) { - entry.value.push(data.getByte(entry.valueOffset + i)); + var value = data.getByte(entry.valueOffset + i); + if (value) { + entry.value.push(value); } else { break; } @@ -477,6 +478,7 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, case 0x0002: // ascii strings, 1 byte per component entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; + entry.value = data.getString(entry.valueOffset, entry.components); if (entry.value[entry.value.length - 1] === "\u0000") // Trim null terminated strings entry.value = entry.value.substring(0, entry.value.length - 1); @@ -484,26 +486,51 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, case 0x0003: // unsigned short, 2 byte per component entry.valueOffset = (entry.components <= 2) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getShort(entry.valueOffset + i * 2, isBigEndian)); + for (var i = 0; i < entry.components; i++) { + var value = data.getShort(entry.valueOffset + i * 2, isBigEndian); + if (value) { + entry.value.push(value); + } else { + break; + } + } break; case 0x0004: // unsigned long, 4 byte per component entry.valueOffset = (entry.components == 1) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getLong(entry.valueOffset + i * 4, isBigEndian)); + for (var i = 0; i < entry.components; i++) { + var value = data.getLong(entry.valueOffset + i * 4, isBigEndian); + if (value) { + entry.value.push(value); + } else { + break; + } + } break; case 0x0005: // unsigned rational, 8 byte per component (4 byte numerator and 4 byte denominator) entry.valueOffset = data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getLong(entry.valueOffset + i * 8, isBigEndian) / data.getLong(entry.valueOffset + i * 8 + 4, isBigEndian)); + for (var i = 0; i < entry.components; i++) { + var num = data.getLong(entry.valueOffset + i * 8, isBigEndian); + var den = data.getLong(entry.valueOffset + i * 8 + 4, isBigEndian); + if (num && den && den > 0) { + entry.value.push(num / den); + } else { + break; + } + } break; case 0x0006: // signed byte, 1 byte per component entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getSignedByte(entry.valueOffset + i)); + for (var i = 0; i < entry.components; i++) { + var value = data.getSignedByte(entry.valueOffset + i); + if (value) { + entry.value.push(value); + } else { + break; + } + } break; case 0x0007: // undefined, 1 byte per component @@ -513,20 +540,39 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, case 0x0008: // signed short, 2 byte per component entry.valueOffset = (entry.components <= 2) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getSignedShort(entry.valueOffset + i * 2, isBigEndian)); + for (var i = 0; i < entry.components; i++) { + var value = data.getSignedShort(entry.valueOffset + i * 2, isBigEndian); + if (value) { + entry.value.push(value); + } else { + break; + } + } break; case 0x0009: // signed long, 4 byte per component entry.valueOffset = (entry.components == 1) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getSignedLong(entry.valueOffset + i * 4, isBigEndian)); + for (var i = 0; i < entry.components; i++) { + var value = data.getSignedLong(entry.valueOffset + i * 4, isBigEndian); + if (value) { + entry.value.push(value); + } else { + break; + } + } break; case 0x000A: // signed rational, 8 byte per component (4 byte numerator and 4 byte denominator) entry.valueOffset = data.getLong(entryOffset + 8, isBigEndian) + tiffOffset; - for (var i = 0; i < entry.components; i++) - entry.value.push(data.getSignedLong(entry.valueOffset + i * 8, isBigEndian) / data.getSignedLong(entry.valueOffset + i * 8 + 4, isBigEndian)); + for (var i = 0; i < entry.components; i++) { + var num = data.getSignedLong(entry.valueOffset + i * 8, isBigEndian); + var den = data.getSignedLong(entry.valueOffset + i * 8 + 4, isBigEndian); + if (num && den && den > 0) { + entry.value.push(num / den); + } else { + break; + } + } break; default: