drewnoakes/metadata-extractor

Various unchecked exceptions while parsing malformed inputs

Open

#422 创建于 2019年7月25日

在 GitHub 查看
 (3 评论) (2 反应) (0 负责人)Java (2,411 star) (470 fork)batch import
bugformat-heifformat-mp3format-psdhelp wantedimage-queue

描述

ImageMetadataReader.readMetadata can lead to various unchecked exceptions when parsing malformed psd, mp3, heif, and jpeg files.

Steps to repro

  1. Download the malformed inputs and extract them.
  2. For each input, run java -ea -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader <input> to reproduce the exceptions.

Stacktraces

$ java -ea -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./psd/AssertionError.PsdReader.extract
Exception in thread "main" java.lang.AssertionError
        at com.drew.metadata.photoshop.PsdReader.extract(PsdReader.java:110)
        at com.drew.imaging.psd.PsdMetadataReader.readMetadata(PsdMetadataReader.java:57)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:156)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./mp3/ArithmeticException.Mp3Reader.extract
java.lang.ArithmeticException: / by zero
        at com.drew.metadata.mp3.Mp3Reader.extract(Mp3Reader.java:156)
        at com.drew.imaging.mp3.Mp3MetadataReader.readMetadata(Mp3MetadataReader.java:58)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:180)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./mp3/ArrayIndexOutOfBoundsException.Mp3Reader.setBitrate
java.lang.ArrayIndexOutOfBoundsException: Index -1 out of bounds for length 14
        at com.drew.metadata.mp3.Mp3Reader.setBitrate(Mp3Reader.java:216)
        at com.drew.metadata.mp3.Mp3Reader.extract(Mp3Reader.java:156)
        at com.drew.imaging.mp3.Mp3MetadataReader.readMetadata(Mp3MetadataReader.java:58)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:180)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./mp3/ArrayIndexOutOfBoundsException.Mp3Reader.extract
java.lang.ArrayIndexOutOfBoundsException: Index 3 out of bounds for length 3
        at com.drew.metadata.mp3.Mp3Reader.extract(Mp3Reader.java:105)
        at com.drew.imaging.mp3.Mp3MetadataReader.readMetadata(Mp3MetadataReader.java:58)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:180)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./jpeg/NegativeArraySizeException.DuckyReader.extract
java.lang.NegativeArraySizeException: -4
        at com.drew.lang.SequentialByteArrayReader.getBytes(SequentialByteArrayReader.java:77)
        at com.drew.lang.SequentialReader.getStringValue(SequentialReader.java:328)
        at com.drew.metadata.photoshop.DuckyReader.extract(DuckyReader.java:99)
        at com.drew.metadata.photoshop.DuckyReader.readJpegSegments(DuckyReader.java:60)
        at com.drew.imaging.jpeg.JpegMetadataReader.processJpegSegmentData(JpegMetadataReader.java:134)
        at com.drew.imaging.jpeg.JpegMetadataReader.process(JpegMetadataReader.java:126)
        at com.drew.imaging.jpeg.JpegMetadataReader.readMetadata(JpegMetadataReader.java:77)
        at com.drew.imaging.jpeg.JpegMetadataReader.readMetadata(JpegMetadataReader.java:84)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:147)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/NullPointerException.HeifPictureHandler.processBox
java.lang.NullPointerException
        at com.drew.metadata.heif.boxes.ItemLocationBox.<init>(ItemLocationBox.java:86)
        at com.drew.metadata.heif.HeifPictureHandler.processBox(HeifPictureHandler.java:88)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:55)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/NegativeArraySizeException.HeifReader.processBoxes
java.lang.NegativeArraySizeException: -2
        at com.drew.lang.StreamReader.getBytes(StreamReader.java:71)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:55)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/NegativeArraySizeException.ItemInfoBox.init
java.lang.NegativeArraySizeException: -2147483625
        at com.drew.lang.SequentialByteArrayReader.getBytes(SequentialByteArrayReader.java:77)
        at com.drew.metadata.heif.boxes.ItemInfoBox.<init>(ItemInfoBox.java:53)
        at com.drew.metadata.heif.HeifPictureHandler.processBox(HeifPictureHandler.java:85)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:55)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

$ java -cp metadata-extractor-2.12.0.jar com.drew.imaging.ImageMetadataReader ./heif/IllegalArgumentException.HeifReader.processBoxes
java.lang.IllegalArgumentException: n must be zero or greater.
        at com.drew.lang.StreamReader.skip(StreamReader.java:95)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:57)
        at com.drew.imaging.heif.HeifReader.processBoxes(HeifReader.java:53)
        at com.drew.imaging.heif.HeifReader.extract(HeifReader.java:38)
        at com.drew.imaging.heif.HeifMetadataReader.readMetadata(HeifMetadataReader.java:40)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:184)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:125)
        at com.drew.imaging.ImageMetadataReader.readMetadata(ImageMetadataReader.java:205)
        at com.drew.imaging.ImageMetadataReader.main(ImageMetadataReader.java:254)

The files were generated by fuzzing and are (probably) not valid file formats.

贡献者指南

技术栈
java
领域
backend
议题类型
bug
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
1-3 hours
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
stale
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
Basic JavaUnderstanding of exception handling
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
60
研究方向
Review the stacktraces in the issue to identify the specific files and methods causing unchecked exceptions (PsdReader.java, Mp3Reader.java, DuckyReader.java, HeifPictureHandler.java, ItemLocationBox.java, ItemInfoBox.java, HeifReader.java). The fix involves adding proper input validation or gracefully handling malformed data instead of letting exceptions propagate. Consider using try catch blocks or checking for invalid values (e.g., negative array sizes, null pointers) before processing. Refer to existing tests in the repository to ensure the changes do not break valid inputs.