]> granicus.if.org Git - imagemagick/commitdiff
Changed the JPEG writer to raise a warning when the exif profile exceeds 65533 bytes...
authordirk <dirk@git.imagemagick.org>
Sat, 13 Aug 2016 07:06:34 +0000 (09:06 +0200)
committerdirk <dirk@git.imagemagick.org>
Sat, 13 Aug 2016 07:06:34 +0000 (09:06 +0200)
coders/jpeg.c
config/english.xml

index 73f6e49d8a50431ce0fee542bb5b6d96bbd1ecba..74a180c97fad8e789ce617e0102ffff3968b812c 100644 (file)
@@ -1908,7 +1908,8 @@ static void TerminateDestination(j_compress_ptr cinfo)
     }
 }
 
-static void WriteProfile(j_compress_ptr jpeg_info,Image *image)
+static void WriteProfile(j_compress_ptr jpeg_info,Image *image,
+  ExceptionInfo *exception)
 {
   const char
     *name;
@@ -1939,10 +1940,15 @@ static void WriteProfile(j_compress_ptr jpeg_info,Image *image)
   {
     profile=GetImageProfile(image,name);
     if (LocaleCompare(name,"EXIF") == 0)
-      for (i=0; i < (ssize_t) GetStringInfoLength(profile); i+=65533L)
       {
-        length=MagickMin(GetStringInfoLength(profile)-i,65533L);
-        jpeg_write_marker(jpeg_info,XML_MARKER,GetStringInfoDatum(profile)+i,
+        length=GetStringInfoLength(profile);
+        if (length > 65533L)
+          {
+            (void) ThrowMagickException(exception,GetMagickModule(),
+              CoderWarning,"ExifProfileSizeExceedsLimit",image->filename);
+            length=65533L;
+          }
+        jpeg_write_marker(jpeg_info,XML_MARKER,GetStringInfoDatum(profile),
           (unsigned int) length);
       }
     if (LocaleCompare(name,"ICC") == 0)
@@ -2670,7 +2676,7 @@ static MagickBooleanType WriteJPEGImage(const ImageInfo *image_info,
       jpeg_write_marker(&jpeg_info,JPEG_COM,(unsigned char *) value+i,
         (unsigned int) MagickMin((size_t) strlen(value+i),65533L));
   if (image->profiles != (void *) NULL)
-    WriteProfile(&jpeg_info,image);
+    WriteProfile(&jpeg_info,image,exception);
   /*
     Convert MIFF to JPEG raster pixels.
   */
index 1837fe31b2b4dafb44febe7a21d2fd7744a8a965..dbaa11d800207f919f6ccd80444d8d0a6a12caba 100644 (file)
         </message>
       </error>
       <warning>
+        <message name="ExifProfileSizeExceedsLimit">
+          exif profile size exceeds limit and will be truncated
+        </message>
         <message name="LosslessToLossyJPEGConversion">
           lossless to lossy JPEG conversion
         </message>