You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a corrupt image which goes into an infinite loop when running Metadata Extractor on it.
Some of the bad code is on my end (bad implementation of Stream) but one of the fail points is also in Metadata Extractor.
In the SequentialStreamReader class, The Skip method does a bounds check on position + n > length:
In my case, n (num bytes to skip) was very large but still positive (top-most bit is off) 0x7fffffffffffffef = 9223372036854775791
and the addition of position + n lit the top-most bit, so the result is a negative long 0x8000000000014b86 = -9223372036854690938
Since both sides of the comparison are long and -9223372036854690938 < 131072 then the bounds violation is not detected.
I made a PR to fix this issue: simply casting both sides of the comparison to ulong should solve it: #427
I hope this helps.
The text was updated successfully, but these errors were encountered:
I have a corrupt image which goes into an infinite loop when running Metadata Extractor on it.
Some of the bad code is on my end (bad implementation of
Stream) but one of the fail points is also in Metadata Extractor.In the
SequentialStreamReaderclass, TheSkipmethod does a bounds check onposition + n > length:In my case,
n(num bytes to skip) was very large but still positive (top-most bit is off)0x7fffffffffffffef = 9223372036854775791and the addition of
position + nlit the top-most bit, so the result is a negative long0x8000000000014b86 = -9223372036854690938Since both sides of the comparison are
longand-9223372036854690938 < 131072then the bounds violation is not detected.I made a PR to fix this issue: simply casting both sides of the comparison to
ulongshould solve it:#427
I hope this helps.
The text was updated successfully, but these errors were encountered: