TIFF: guard against corrupt files with buffer overflows (#3628)

Along the way, improve the runtest.py script by giving the info_command() fuction the same silent, concat, and failureok parameters that the oiiotool() function has. (This lets individual tests assemble iinfo command lines with a little more flexibility.)
AcademySoftwareFoundation · Oct 23, 2022 · acfb6a9 · acfb6a9
1 parent e44400f
commit acfb6a9
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 6 deletions.
diff --git a/src/tiff.imageio/tiffinput.cpp b/src/tiff.imageio/tiffinput.cpp
@@ -294,10 +294,7 @@ class TIFFInput final : public ImageInput {
             // the file. Punt.
         }
         if (ok && s && *s) {
-            result = string_view(s, count);
-            // Strip off sometimes-errant extra null characters
-            while (result.size() && result.back() == '\0')
-                result.remove_suffix(1);
+            result = Strutil::safe_string_view(s, count);
         }
         return ok;
     }

diff --git a/testsuite/tiff-misc/ref/out-libtiff403.txt b/testsuite/tiff-misc/ref/out-libtiff403.txt
@@ -0,0 +1,21 @@
+Reading src/separate.tif
+src/separate.tif     :  128 x  128, 3 channel, uint8 tiff
+    SHA-1: 486088DECAE711C444FDCAB009C378F7783AD9C5
+    channel list: R, G, B
+    compression: "zip"
+    DateTime: "2020:10:25 15:32:04"
+    Orientation: 1 (normal)
+    planarconfig: "separate"
+    Software: "OpenImageIO 2.3.0dev : oiiotool --pattern fill:topleft=0,0,0:topright=1,0,0:bottomleft=0,1,0:bottomright=1,1,1 128x128 3 --planarconfig separate -scanline -attrib tiff:rowsperstrip 17 -d uint8 -o separate.tif"
+    oiio:BitsPerSample: 8
+    tiff:Compression: 8
+    tiff:PhotometricInterpretation: 2
+    tiff:PlanarConfiguration: 2
+    tiff:RowsPerStrip: 7
+Comparing "src/separate.tif" and "separate.tif"
+PASS
+oiiotool ERROR: read : "src/corrupt1.tif": Could not open file: IO error during reading of "StripOffsets"
+Full command line was:
+> oiiotool -colorconfig ../common/OpenColorIO/nuke-default/config.ocio --oiioattrib try_all_readers 0 --info -v src/corrupt1.tif
+Comparing "check1.tif" and "ref/check1.tif"
+PASS
diff --git a/testsuite/tiff-misc/ref/out.txt b/testsuite/tiff-misc/ref/out.txt
@@ -14,5 +14,8 @@ src/separate.tif     :  128 x  128, 3 channel, uint8 tiff
     tiff:RowsPerStrip: 7
 Comparing "src/separate.tif" and "separate.tif"
 PASS
+oiiotool ERROR: read : No support for data format of "src/corrupt1.tif"
+Full command line was:
+> oiiotool -colorconfig ../common/OpenColorIO/nuke-default/config.ocio --oiioattrib try_all_readers 0 --info -v src/corrupt1.tif
 Comparing "check1.tif" and "ref/check1.tif"
 PASS
diff --git a/testsuite/tiff-misc/run.py b/testsuite/tiff-misc/run.py
@@ -2,14 +2,19 @@
 
 # Miscellaneous TIFF-related tests
 
-outputs = [ ]
+# save the error output
+redirect = " >> out.txt 2>&1 "
 
 # Regression test -- we once had a bug where 'separate' planarconfig
 # tiled float files would have data corrupted by a buffer overwrite.
 command += oiiotool("--pattern checker 128x128 4 --tile 64 64 --planarconfig separate -d float -o check1.tif")
-outputs += [ "check1.tif" ]
 
 # Test bug we had until OIIO 2.3 when reading planarconfig=separate files
 # (fixed by #2757) that was not detected by the uncompressed file. So copy
 # to force compression in order to properly test:
 command += rw_command ("src", "separate.tif")
+
+# Test bug we had until OIIO 2.4 for this corrupt file
+command += oiiotool ("--oiioattrib try_all_readers 0 --info -v src/corrupt1.tif", failureok = True)
+
+outputs = [ "check1.tif", "out.txt" ]
diff --git a/testsuite/tiff-misc/src/corrupt1.tif b/testsuite/tiff-misc/src/corrupt1.tif