
Commit aae0918

committed
Safe check all formats
1 parent 579c101 commit aae0918

1 file changed

Lines changed: 63 additions & 17 deletions


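--- a/lib/exif/ExifImage.js
+++ b/lib/exif/ExifImage.js
@@ -427,6 +427,7 @@ ExifImage.prototype.extractExifData = function (data, start, length) {
 
 debug("Makernote IFD parsed",exifData.makernote);
 }
+
 };
 
 ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset, isBigEndian, tags) {
@@ -461,14 +462,14 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset,
 } else {
 return false;
 }
-
 switch (entry.format) {
 
 case 0x0001: // unsigned byte, 1 byte per component
 entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
 for (var i = 0; i < entry.components; i++) {
-if (data.getByte(entry.valueOffset + i)) {
-entry.value.push(data.getByte(entry.valueOffset + i));
+var value = data.getByte(entry.valueOffset + i);
+if (value) {
+entry.value.push(value);
 } else {
 break;
 }
@@ -477,33 +478,59 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset,
 
 case 0x0002: // ascii strings, 1 byte per component
 entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
+
 entry.value = data.getString(entry.valueOffset, entry.components);
 if (entry.value[entry.value.length - 1] === "\u0000") // Trim null terminated strings
 entry.value = entry.value.substring(0, entry.value.length - 1);
 break;
 
 case 0x0003: // unsigned short, 2 byte per component
 entry.valueOffset = (entry.components <= 2) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getShort(entry.valueOffset + i * 2, isBigEndian));
+for (var i = 0; i < entry.components; i++) {
+var value = data.getShort(entry.valueOffset + i * 2, isBigEndian);
+if (value) {
+entry.value.push(value);
+} else {
+break;
+}
+}
 break;
 
 case 0x0004: // unsigned long, 4 byte per component
 entry.valueOffset = (entry.components == 1) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getLong(entry.valueOffset + i * 4, isBigEndian));
+for (var i = 0; i < entry.components; i++) {
+var value = data.getLong(entry.valueOffset + i * 4, isBigEndian);
+if (value) {
+entry.value.push(value);
+} else {
+break;
+}
+}
 break;
 
 case 0x0005: // unsigned rational, 8 byte per component (4 byte numerator and 4 byte denominator)
 entry.valueOffset = data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getLong(entry.valueOffset + i * 8, isBigEndian) / data.getLong(entry.valueOffset + i * 8 + 4, isBigEndian));
+for (var i = 0; i < entry.components; i++) {
+var num = data.getLong(entry.valueOffset + i * 8, isBigEndian);
+var den = data.getLong(entry.valueOffset + i * 8 + 4, isBigEndian);
+if (num && den && den > 0) {
+entry.value.push(num / den);
+} else {
+break;
+}
+}
 break;
 
 case 0x0006: // signed byte, 1 byte per component
 entry.valueOffset = (entry.components <= 4) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getSignedByte(entry.valueOffset + i));
+for (var i = 0; i < entry.components; i++) {
+var value = data.getSignedByte(entry.valueOffset + i);
+if (value) {
+entry.value.push(value);
+} else {
+break;
+}
+}
 break;
 
 case 0x0007: // undefined, 1 byte per component
@@ -513,20 +540,39 @@ ExifImage.prototype.extractExifEntry = function (data, entryOffset, tiffOffset,
 
 case 0x0008: // signed short, 2 byte per component
 entry.valueOffset = (entry.components <= 2) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getSignedShort(entry.valueOffset + i * 2, isBigEndian));
+for (var i = 0; i < entry.components; i++) {
+var value = data.getSignedShort(entry.valueOffset + i * 2, isBigEndian);
+if (value) {
+entry.value.push(value);
+} else {
+break;
+}
+}
 break;
 
 case 0x0009: // signed long, 4 byte per component
 entry.valueOffset = (entry.components == 1) ? entryOffset + 8 : data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getSignedLong(entry.valueOffset + i * 4, isBigEndian));
+for (var i = 0; i < entry.components; i++) {
+var value = data.getSignedLong(entry.valueOffset + i * 4, isBigEndian);
+if (value) {
+entry.value.push(value);
+} else {
+break;
+}
+}
 break;
 
 case 0x000A: // signed rational, 8 byte per component (4 byte numerator and 4 byte denominator)
 entry.valueOffset = data.getLong(entryOffset + 8, isBigEndian) + tiffOffset;
-for (var i = 0; i < entry.components; i++)
-entry.value.push(data.getSignedLong(entry.valueOffset + i * 8, isBigEndian) / data.getSignedLong(entry.valueOffset + i * 8 + 4, isBigEndian));
+for (var i = 0; i < entry.components; i++) {
+var num = data.getSignedLong(entry.valueOffset + i * 8, isBigEndian);
+var den = data.getSignedLong(entry.valueOffset + i * 8 + 4, isBigEndian);
+if (num && den && den > 0) {
+entry.value.push(num / den);
+} else {
+break;
+}
+}
 break;
 
 default: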
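Review bot: The new `if (value) { ... } else { break; }` guards in cases 0x0003, 0x0004, 0x0006, 0x0008 and 0x0009 stop at the first component whose value is 0, so a legitimate zero silently truncates the array. The rational cases 0x0005 and 0x000A have the same problem, because `num && den && den > 0` also rejects a numerator of 0. A truthiness test cannot tell a real zero from whatever the getters return for a read past the end of the buffer, which is presumably what this commit means to catch; the getters are not shown here, so that is an assumption to confirm. Since `entry.components` and the value offset are read from the file, an explicit range check before each loop is the sturdier guard, for example `if (entry.valueOffset + entry.components * 2 > data.length) return false;` for the short case (if `data` exposes a length), with the rational test reduced to `if (den !== 0)`. extractExifEntry begins and ends outside the visible hunks.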
