drewnoakes/metadata-extractor

Various unchecked exceptions while parsing malformed inputs

Open

#422 opened on Jul 25, 2019

View on GitHub
 (3 comments) (2 reactions) (0 assignees)Java (2,411 stars) (470 forks)batch import
bugformat-heifformat-mp3format-psdhelp wantedimage-queue

Description

ImageMetadataReader.readMetadata can lead to various unchecked exceptions when parsing malformed psd, mp3, heif, and jpeg files.

Steps to repro

  1. Download the malformed inputs and extract them.
  2. For each input, run java -ea -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader <input> to reproduce the exceptions.

Stacktraces

$ java -ea -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./psd/AssertionError.PsdReader.extract
Exception in thread "main" java.lang.AssertionError
        at com.drew.metadata.photoshop.PsdReader.extract(PsdReader.java:110)
        at com.drew.imaging.psd.PsdMetadataReader.readMetadata(PsdMetadataReader.java:57)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:156)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./mp3/ArithmeticException.Mp3Reader.extract
java.lang.ArithmeticException: / by zero
        at com.drew.metadata.mp3.Mp3Reader.extract(Mp3Reader.java:156)
        at com.drew.imaging.mp3.Mp3MetadataReader.readMetadata(Mp3MetadataReader.java:58)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:180)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./mp3/ArrayIndexOutOfBoundsException.Mp3Reader.setBitrate
java.lang.ArrayIndexOutOfBoundsException: Index -1 out of bounds for length 14
        at com.drew.metadata.mp3.Mp3Reader.setBitrate(Mp3Reader.java:216)
        at com.drew.metadata.mp3.Mp3Reader.extract(Mp3Reader.java:156)
        at com.drew.imaging.mp3.Mp3MetadataReader.readMetadata(Mp3MetadataReader.java:58)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:180)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./mp3/ArrayIndexOutOfBoundsException.Mp3Reader.extract
java.lang.ArrayIndexOutOfBoundsException: Index 3 out of bounds for length 3
        at com.drew.metadata.mp3.Mp3Reader.extract(Mp3Reader.java:105)
        at com.drew.imaging.mp3.Mp3MetadataReader.readMetadata(Mp3MetadataReader.java:58)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:180)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./jpeg/NegativeArraySizeException.DuckyReader.extract
java.lang.NegativeArraySizeException: -4
        at com.drew.lang.SequentialByteArrayReader.getBytes(SequentialByteArrayReader.java:77)
        at com.drew.lang.SequentialReader.getStringValue(SequentialReader.java:328)
        at com.drew.metadata.photoshop.DuckyReader.extract(DuckyReader.java:99)
        at com.drew.metadata.photoshop.DuckyReader.readJpegSegments(DuckyReader.java:60)
        at com.drew.imaging.jpeg.JpegMetadataReader.processJpegSegmentData(JpegMetadataReader.java:134)
        at com.drew.imaging.jpeg.JpegMetadataReader.process(JpegMetadataReader.java:126)
        at com.drew.imaging.jpeg.JpegMetadataReader.readMetadata(JpegMetadataReader.java:77)
        at com.drew.imaging.jpeg.JpegMetadataReader.readMetadata(JpegMetadataReader.java:84)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:147)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/NullPointerException.HeifPictureHandler.processBox
java.lang.NullPointerException
        at com.drew.metadata.heif.boxes.ItemLocationBox.<init>(ItemLocationBox.java:86)
        at com.drew.metadata.heif.HeifPictureHandler.processBox(HeifPictureHandler.java:88)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:55)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/NegativeArraySizeException.HeifReader.processBoxes
java.lang.NegativeArraySizeException: -2
        at com.drew.lang.StreamReader.getBytes(StreamReader.java:71)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:55)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/NegativeArraySizeException.ItemInfoBox.init
java.lang.NegativeArraySizeException: -2147483625
        at com.drew.lang.SequentialByteArrayReader.getBytes(SequentialByteArrayReader.java:77)
        at com.drew.metadata.heif.boxes.ItemInfoBox.<init>(ItemInfoBox.java:53)
        at com.drew.metadata.heif.HeifPictureHandler.processBox(HeifPictureHandler.java:85)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:55)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/IllegalArgumentException.HeifReader.processBoxes
java.lang.IllegalArgumentException: n must be zero or greater.
        at com.drew.lang.StreamReader.skip(StreamReader.java:95)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:57)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

The files were generated by fuzzing and are (probably) not valid file formats.

Contributor guide

Tech stack
java
Domain
backend
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Basic JavaUnderstanding of exception handling
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Review the stacktraces in the issue to identify the specific files and methods causing unchecked exceptions (PsdReader.java, Mp3Reader.java, DuckyReader.java, HeifPictureHandler.java, ItemLocationBox.java, ItemInfoBox.java, HeifReader.java). The fix involves adding proper input validation or gracefully handling malformed data instead of letting exceptions propagate. Consider using try catch blocks or checking for invalid values (e.g., negative array sizes, null pointers) before processing. Refer to existing tests in the repository to ensure the changes do not break valid inputs.