From 0fcdf774528034c819779cb0096a9eacfee63f7d Mon Sep 17 00:00:00 2001 From: Matteo Paonessa Date: Mon, 19 Feb 2024 09:36:37 +0100 Subject: [PATCH] Preventing panic when loading some TIFF files --- Cargo.toml | 2 +- src/tiff.rs | 27 +++++++++++++++++++++------ tests/samples/panic.tif | Bin 0 -> 11604 bytes tests/tiff.rs | 13 +++++++++++++ 4 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 tests/samples/panic.tif diff --git a/Cargo.toml b/Cargo.toml index d2594d6..a29992d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libcaesium" -version = "0.15.0" +version = "0.15.1" authors = ["Matteo Paonessa "] edition = "2021" categories = ["multimedia::images"] diff --git a/src/tiff.rs b/src/tiff.rs index 741318f..67784f8 100644 --- a/src/tiff.rs +++ b/src/tiff.rs @@ -1,5 +1,6 @@ use std::fs::File; use std::io::{Cursor, Read, Write}; +use std::panic; use image::ImageFormat::Tiff; use tiff::encoder::colortype::{RGB8, RGBA8}; @@ -56,12 +57,26 @@ pub fn compress_to_memory( in_file: Vec, parameters: &CSParameters, ) -> Result, CaesiumError> { - let mut image = image::load_from_memory_with_format(in_file.as_slice(), Tiff).map_err(|e| { - CaesiumError { - message: e.to_string(), - code: 20504, + let decoding_result = + match panic::catch_unwind(|| image::load_from_memory_with_format(in_file.as_slice(), Tiff)) + { + Ok(i) => i, + Err(_) => { + return Err(CaesiumError { + message: "Failed to decode TIFF image".to_string(), + code: 20504, + }); + } + }; + let mut image = match decoding_result { + Ok(i) => i, + Err(e) => { + return Err(CaesiumError { + message: e.to_string(), + code: 20504, + }) } - })?; + }; if parameters.width > 0 || parameters.height > 0 { image = resize_image(image, parameters.width, parameters.height); @@ -166,4 +181,4 @@ pub fn compress_to_memory( code: 20507, }), } -} \ No newline at end of file +} diff --git a/tests/samples/panic.tif b/tests/samples/panic.tif new file mode 100644 index 0000000000000000000000000000000000000000..8e6f3ff3a215a806961dbd7db3a07e882f86ef3e GIT binary patch literal 11604 zcmb`N30Mva116kwHyZ6qH?5MARgNML-B{gL_y+ zR76x%#4RiWqJsfZQ5h$=;*L9`s4vXSotbyvz3;v6eXsI$*I%bkojP@@^5t}Qf`e^9 zoe2Pv87hjKxq&WL?kg6y#JiY~i+tg5M(uoC!%}~4M&+Z`-llm0k7(}ZI}Ev7LlPqJ z{*8<5i$j;{xz~oQaNQ$VI(O%z!)v^iK~LWre!cSvivo$xO=uGH!xD#|$d= znsw!|2kl$Nk!^3>g5q03b-u7S$yoX*n#o$eLwp*hJ-?doh%+_b`_pMKKo^$a2)}XKJFHMg=`05LNMuhx$ zzhSIN=0uV7>QZ%>SaV^m&&mlOcDdid!R4!RZhtVB9l6$(p~3bpa`{#)xqf+h9MPi%=Y(}W(@@fZi`{=VqCr-wuF=?|KWDsQ@Fu>R??Rp7hdgR ztt(l2!jVOj#7J(NI<&TMd)|vWIaJF~l&}lL&xjqAbJqr) z6=pjwnTP8=C^VJz*Ome9CIq7T;GrtRF7iaYxc=i}CjCbv_(OK%r!B6f=)UD#9wO4G` zn<>R4ZuP;o=5<~-2Ddt1IU4@iivK~c3eAy=`NL)s4#}dw?(LhPfw{w#H~8gY#Et5t zVv{+MxL;;Qa0{=r=g!j)>$%>1(mBP-v>okAt*ULa^*56&B$;s!_V?sQ*-q_!H*Y>_ zC#h@XW4TGyfwg!yGszVai+k|S^%Un@=e{N1J?b^_5qmjw#D>$Qytc-yYAuPn$a3L( zlJhV6$BBG<@910D1Kw|3INhq&q#6lj-wfCKs`1rl8FspBMks?WAEt{(!tN}@CC%p7 zNJKwkxP{L~oZ@b0bvxW7`)xDXwsWScVBdqaou&Etgww_Q5AN}Je}2gGa>cyN^sMk@ zx7*oENP+EkC_O{pX&c!`XJ3}hamVc6b3bq>bI$V?8G9Y|arnDpsTpIa)U^Au?fjQp z`}R+Hv}_Q^(o=4BD`d&Tb6#?RTfM9FdO7Om1;(ctyIW2^++wVk>k?6D`ZVhMl4@X8 z=bCb;^ha-IbJ<=MUvS9b`m#~!mk@o+a)w+Yl62Zjik^SHsY;m?!JHA+vmDgiNOe#hgFVo-JPZklU_Fqaz4cKM_Da4 zzJ2`7CBvR4!u|soU+)iRKMWnCxIsX|K<*s~nxS@TaJTt*>Bt8cA}Sue`ar|h3r{b; z-R`e1!Lk@Q1^bI~gkaya7CJ5XbgrV<(M#Fl=bNod5J$2Ddiq7pw-tA8r`uA5cXc~t zw9j*5XoXD|c+F3UI>@gT1#cOfd{2LRJYUBpxvPj?*mHmyoS!i#)I*j` zwb+&JYsB;t!R`L8h5fiGa-lgRZ&)aiG%`Eu0kcM9RL1k*w~xn!OF+z2q)JPLpl ziG0385aZmAc(2aNO{K9!>%yH*b_om#1+8LP!EJlO%EodbxyA-OD7BLw?*)CTn*?O? zoKoeW12Pz?%Z&*xYeP5)?qEm{Bsscpz|{8ANGmxnFdtMppoE3^Smhd`$_maO1$v?; zmcrp3q(ZF*z$;rOY~b+0b~2##@k>eovky*_3U9u5XvHm zm=27))j!w5C@He3!MF!5VYf|4H&bVGt(}ydyip{kiOy94JtJhcS&{k)+Am#BkZl8m zexg%iWs$CPEdZx_4BE$%nGzOd^B7>XDLjlL?$;{X_sl2}E~3X1gXJ0@GygFknufl< zFx%D zt?($ycO&-O>@M}!Q#BJ1)Yq;SO|8+$upD9kw!Jv`r7_<;3vp$!g&^CF z!5?2+4!cZ+Do1dr+U~*%lBplO0||8k(C@v156p~fX{RL+)2z^XQ0KM~ht~`nqtn;G zVv@X&&*vbb9H6$GBRW-n3s6nVO{-s;li#;Gw z0RlzFP=IN-qymncn2)d8vjf$$46{li-K6dU(8V=$P`jVfk8#S+b|45o$Ur*IYFhRs zoLNj7?r@}FW@09bFI*_>58a+0B$yx1AdFLw~1Iv4UdtB%QN`m{7p$q2x7x`C&)lg^9 z8l)0uK#=fU3&)I*HT=;swFOhfTaDy=5Ip=T)!c6^n+&rE@idGnKYbM(XTBIO!s*Kw zb>X?gDKg=S-pdA_m*vjX5@i5@+%U0HdAN!66C_AfIXMSO%bINTXO6vMtdoTH?RB!j z3^gJJSzuMa1zzTkI*&ljDB*o@Kq`0B9=87?fgX?nzZ94EQifMoqE#TD9EZZmUVZSh zZ+-!2=@GIj3POtZ$Cz!JhNi}VnTgIiK(Y)e_4Sn$VNAH@F&@5nsjB4}Ff5Y3KY>rl z4^l8jyrPDssWjiHZCG}Fr9uCt6dWTJAJkx`)6nKy&@zY@sDO^R2$u%~nyFJTSzT{% zc|k5kL#~S?H>JCr}wHmrGinA~~of@83~$+l4VGG0Rc+s_V}ZaQl{g+d&fa z0Rh{v0G}n*pryl*c)(Qp03F9P2D7aN17irB$w)gIJ7(PWj>_SGLlAcNd5sBnV5&lN zVlnh8FT*2>AwIy4Wb1-Kgvw+4m3mI-Y{Yev6=b1*Jq#xr#aqiws^UqKY^>@DEIom1 zf2XSv5jl0(UJ+ZAWQ(xi4#In z2@RFiCT$HSq76)lt{2iq`X%-UpOm`16$_#CrjEkm`vgG{GCkF@%7q1@TKGUm5XP*( zf#Tw5{9ypqqT9yVZ9KN91H}K|jPuzS6hiW6#`*hlmp#|ljN=T9>3GS9$&B;+>Jvk6vV-{94%mnz zTSGpWyuKdWDy}*{UaQAicY28uW)QxuzqEwsM$!FBfI99TSUoiLLRSBJzcw@JxTE9a zARnO09WwUZkA$*3D7G;EAOgHO@iJcb$%({E)o}P7hAtzcnytxw@_C)|dJ;JA!6(l> zvftly#m!H>RtRg|x8Z>_>YLray>U9*M=CGuyz%zfaOFC2XnYAGEEabzAG-ZAcb)hB z&w8QV(1%gs=Ye^>rSd#LDPbX>J^%gOoZYScp0E5O5Ma)LPnXfmpQ7auqJD9S@xv?6 zU!6<$H|Re^K39&bJ(Bb#WKWO=!6ZnSHff}$3I1;ZZ;dYwG&edazEvG`aLzHS0*!>~ zy3t2DZajZ~O`Bqc@Foc6-d(1Du-5}u0x@k;bqC^i8((?(p@!|nlONu}x%_PP1~VnU z(ctRC@F!n_ua|he7Hl?WJ!}tZzZ+c{_}l|39@%1(Qu=i3Gsi%?hcB#W&x~KiRBBE{Jz_e;kmw1V- znMBe=$q zM$D=EmcSl8cGzNXD<;n?cJo)s0O;k@u+I|X?ba9+ z)a)sgNLv)=s-Gx-ZfG7a%gU0r}a9Y$5mZUwyyy zH1fGRgb=~^r`ioTKEXdC0QB1j(+`&Q?)QC)5beZGwonoWI{$NP(( z$XSx+c#ptQCLE_+hv1yYNx*fCndB2$LGs21naXQEApvySs4xjrNPauWjZmbQH%Ng} zsPE@S^7F-A!awL-E^C6ccecNw;0cigFuhcuoCJfp`3hjw{tN|)Tl}OIeOCOY2tpg* zoCMDn6t>)3ZcabI*tEj7)R($rV6^kIpKLEA3oz7Mf{1gmBz4@2?0%{VV0(63d|*d^gv;%JF>-NfDcIA z%GoG2GzFQ6q1JqujY$Wd-Q1?VH@0o2s5jVGD2@=SlVb_g4L~Nb*!OxY?OG;*)S~xrkieKvRR0ta1}GkGD=oG~b;+WNBSLkR!(8ikWqjDtGy*ahLnN| zSkycpk^Y*?2fOvT@A^;2vdsMXS){jWj}quKrvn&mf#m?j!`THfmg&J@g>3h^;EwTe zL!>`|93~v)YWR#}kk;UN{$(B$hoU4x%?d9`)_y#)hoGSV+it#i88RAHAc@6)PPsz7-IOljD3EeRAM5>wPznAbzy=utuq_EAX`%8*NhX?! zxr%UvX_v517wQR&7%QF9#@K9JJ-SvZIP5IQ{!EF>ij+&Dh$>MAqpd-&Nbuppmg7Vn z-%1cS*6NNP2l(o1GE#q-aS+4Pq`hSZL89?QyG=KWCpr{Ddkj^eUl+-eVJj5&mx~O5 zG;s-}#+aE80i6eOpyNIPz|eVGdze*`vOoB3rJSJ2S{GP(b3N}6*;I`Ci9Eu$!erlI zwVilTSW%~g6m9Q*7@tZK&|Q}X)w0X8lUsEqCjL>^jir&!o6-T>-%AO=`NUpABCrA0 zc-gerV!o2vmY7R;=*%U(!Yp+?0;v-}?SEA=!mLi#z+AG|OofQqg&IF-o~C>n=QjNrLe1`qC?`2`ns2|o~*^{#3Z z-B#Idw5L-l`F@CcIUy7vCg6Kj6keWHg^{e3wi!#Y$^zXc0xuc^Ozl_hXHsfBanFs0tYuV^wrPVIq*IiPEu8Xf8U-j~oFolfOr&3y6`&uEPRFQIr(+)9{a9;f zLz3_Wh1uWPlH9yfb*LmR19=m_pp1;^_HMZW^|m~~P&xk0DhnWp zWWc_rl5|5sk-h*!vuW5W>Csn};WR3iilrC!X}@lSrL>wV0I0)Z7!A)T)E|(?$;wB? zjUqsL4l8#dRP=E`&=0w002e_iV@8^76p)U7-8#jJXAW9%A{7xZ4q$W za{O{R0DTlej4sFbqIM$EY!*L?RyGbmJ6rq~%Fx}s~lg^2fr?ykUI-nPsi z$n`BIXVU?WXHq-!Zv3*@9)=Y++Pj}C_C>?rGtaJ6@NjZ_M*p)c_1*x#c@4My?(3d; z6oawGj5aG~y)@j7d#d`FbMJ%q#9&UB;K8~*b5~v)?8x!jZ$N5&yn3AKG3oka+NZf+3 zf@7J)?=uu%bnw+zgL^Z1#(~t_ zRhXiN6>EW)Bf(5>CT>6|{DUbko2tocQNKjbzXIbA={ zl%wB_E81^~AMOMECJ#gu_0^ORp$fe@jBD9{eoZyd-P3t@y7|rw_}2MQCaW-byy~z> z?c`o{YV#Fw+h<$7xURyTx7O~*C!$c0s>z^y@q)dF#KZm7ybb%F9)F%|S~!N%CWcXT zlp6O$Cok^j!&rGw(8$C_u82^!B`*85_u5CaoWAcvu5}Ay6HeS;EPw3g6Mr}E^M&KP zmB06`s%rbap%iXg+4Y z(&+BGT~%+ZSqAM9xK+EJwv;8wRc;`TU2Q{4DeYc9H9JCZ$Y{ZDIN^D{o%te6=w=vN zY9TRGk2~nkeA~Q1*J39xB+t?fglxY&3YHXEF?JB>Fz5^0@nDX*h4SgyGcNYHC?@5u zek+Z)Nw)LEDvAjY811ZUiTG(p8+<>yydWFs@2WQ<5QrM+gg2cZH9J`ui&s;S?dgS> znJ2={U(}7)>go1iY7$CKePGW~<6HZXPZ{$5&?>}vQBLYJT z@LWhAi3d8zx3RnH8+DYZjS>aV8yoeRj#M$pqJ08%R3BwTK1ZI>?An#+B%S4h!E5>$ z-J-=PU$>QB;uCmP4@NH!_SxLO9gX9m1*A?HPVw57&#R>J%ZyYf3=p9i7_z3`7(v5) z(`4u1_|v>MAx{|2WO!0k6NG#?%GiG>0YLr>$`m$Tv4>nZu~wb{dIz;zoj28#exL|W z&@kh_QhXEFLDVig@nYH)#_V z;{$|L0AjdcMC2$JZiOWiL?1QRvt4)^&~jzuwnlef{waJsB~yBQ41sMK!q|^VODP-p z-Kut6CsF&Hb^{*du*?teLh%a@8+Hl}5jBl#0n}xaw-bXgtIsT>_)Kf(%P1mx6j?f~ zZ=r5u&}yY6O~pLvSQnNLh$P9VF$4}m04hQ*gi+!(!4 z#G`ouG@hf5USXv!c=$+~*IzW_eqRB8u598lc=X=|#pZ~Dm5Dj`(LTNnMf4N0n==3Z3YWbHdNkIe6k%Tp|+ z0pU70ZqITA2;slfJOeip_fu|fGgUR6*Vh2wVI{!&HKj1b{M7{&(-tp3f08ca3yLci zLIXrk-tyg?ev8mwEv~r1;UBQKYbZIVFm|?>lg&oMT@KU5P z*UvY~Mb9rW7M0$JLpJF#t9q6q`H^NSU_@o`Wb-nZtTx6Y9a)y!gW?#0VCXedGngQC zxT_N&v@;fm&6hwIaS2h!2ri2+m$f$YpC0)gmL_{4)XxpumKt(u{0$Yn0{eiMk&q^8 z8BnjDkw2EnU|6Um(0ydSCh)+(21YMG2bMgs+7t=G(*;1+~Y=oo^M%DYH90d74Oa&_qrOZ*wo zon~=yA3?S=>z>C7io^JuVD3zF(S|!vf0tRHgoS{3IP}42fauwRI2GnpF35FnZ&4UY z!CXv6gb}vVlD2u=?3yr|iKYn2Ubkm&ZL=`W2zqMB=|GhUJ9%=-D*S`483XEHxJ#^t zj9-Vz&<>TRM^tO|JJL6lhYw+YOLu=+`>?E79fJ=DG9*jnX~lftEr|q=G{7RC8t>)T z6igP$9f?vlOL`W`gqzm~3N_w&ykb3Husoqcjq!@>JR-}T7BBT{-$ujBJW<;Pb9JMeS#`b9^f!8|k0Dw4dW%{hS0g+l|5IoZlUa3`@ zI+?SJ0H|IZ!&<<`Iam==++G$At~ zRXfyt?Ji47U8Y^`)cB;Vq_k8xDfPcw;s3{O|MFoH|J>JF(5w9p=u7MX7V;v%i8OIod2g2qFmcVtV~)4Pm28_BH_4Inc5e~ zlLa+-LIVOI13EAQY+wegfGuzYuD}!U!AuYW=731B5G)39AQ7a1Ot1#z0x2i}B|rhT zgI!=hs0D{WBRB!hfb*aYbb+ft4Q_&aKm#6w7hnv00$(8r!a}-`9%KZWLQ|lrkR#*< z`9L$FFen0A2#KI&P%5+v%7yZv5@-vw3#x(+LC2x9P#bgw>WA(?BhWK#%KHU@L=X{l zgbBg|VUKV_2oRx&NW>zuBN;wD0ac!Bt+{Uy>t8X!4H zTcjJ(4><=Jja-V%L~cM9BX=OHk&Vb!WH<5#QiFVn{2hfs>7ihhEy@!WgqnwnLuH^g zph{7@Q1z(Os7}-k)Cg(}^&PE?W}&B|J|qT%yP^+OetnB<`_nW>Bl_8e8gh0M%bxXZ|oeb7@LJH!0yC0U@u_@u#d6h zI31iR&Jh=Yi^iqmWVju;!?=sM0o+sES3Ctj1@D2MgOA6r#h2r2@vZpl_{aFK1S-Lj z;7y1mEGI|_m4rsZWx_Dwy^f9!SI1o^Tqj9KqEo5Uq|>7_qVqeEMzkUN5o3s}h-Jis zL>2K4@x89Du7xgNH(EDKw@mktZinuD-Eop0$&M6EiYIL(?IxWj4Uk@w@#HCF0eLYw zhrEM)l6;-~l7gpLQ2Z!j$_C1A%2~>7%15dm)qy&PnnEq59;RNQj?%C+3))OtJWWok zp>@z6>LK;a^!)VV^z!s-^)Bl@reo-q^kDjOdI|j~y^lVoPt$kSpRb>-zgz!;zQzD) zU||q!kZe$HaKhl0!52dlLxEv};U>dI!vVw33}XhLk-#Ws9An&Md@+KJW*V(9sxUfZ z^eYp^v|)xb*D&`nFEd{n(~UiiGF=*7p1GR4 zid^@&-gcwA3EfKFdfd_OzU~{{&%6Kb;o_0yal+$`r>*A-&%>UhUY1@7UbS8iy}90E z?<#MN59}lIQTk|RaAt^SRL^+8H{-|i>-bLv)`I1N2El7zo^Ph_Dc{e29)9cnRQ^c+ zK>uR@zL~U{^Jeavc|U*~uq@z6z*yk)z;%JDAaqb@P({$~V3Xju;6uSsobg+2(g3Cj#?orRbcGHdIs;n`DWr_Mez2h0hcvvtm|LQ7$W@LV`1To}GP{7HmE zL~ca)T)nwV<{qB=DbhExJo4T=t9h&Dwa+KdkC}gH{^te$3$`rKMA=8JkGi^$xiD#A zOEflmeso>*$Dd~YwEd^YG1FrTVs0(6T$H`&%3|i?Pm`TpgfSIk*)aK(@01h+l_F27q_4u0kYfffUvs1ILt+iRZY3 zwdZnjrMV;P1?#IeKpSE=v~M)qDBt*45-6#c5~M4nzsPv9EwT@J3-Vg!CUS}VVSZr# zkpfadX2I=3&%*shsG_8zzD-V>c5eD!9ADg9!YkQPGEo{=+Pm3dbLHkAWlPKY%3aF$ zDKLsu#jT1N74=)FTXMEM+&XLP>22_~;%y(cFWG)&hx3m8KNEgl^|Pijtg>aN`A)^o ziCu}iZtnKoeQXbF&!#<}_r~uX*vH@3xZh-d$^I|OB;`<5VAbhri|QRUn3~l!Pip7a zb{}v%aHx)1S5o)wVCq3leMEidA=g8P4zmuIA3+>hb>vw?OoRHU|IwC4+s3M62FFU8 zK+~$G=f_3IZ=DD|(SFkHWMlJ`<~^tMP8FYqPOm*Zb|&$Rre$GE|JjhU?X8}zr_R}( zJ9wURe)k3a3*{FH7v&d!T*|rhQI)QG*|x0hVf&KydmT|7gPq}>eV0Qo_jCnxb#x25 zFZFo$oWJ66d)Pz>I;m8~!)C z27?E$-kg22|JJ-)L$_mYYlh;7M(-rwd3$&D-LLl~!|37SUn#%txX-#@{hRe~$22aQ z3nTs`*B;D$aPMK+j$5Yd%hejPo&p!)zrhfj@^T#jJUwnO8@QV6s z&ugpK&2RW`u8l>FJ${?{_Q$)@_eSpzesKQK{!#ex{-=~rUq2U*8;#fh?)H24mjz#* zeqA$xov8d~{jK$T==b3tDL;O&plEHJSn#4!hfh_t?=eX%@S%;qs#=@#g1pk`+2VA22Rokq-Y2n{m|CND+|H2I?$N%KUA4dMv{L6-y{bXGJ6{kNJ;SZ^H6?_QV L(f?ybeF*;p6r`R* literal 0 HcmV?d00001 diff --git a/tests/tiff.rs b/tests/tiff.rs index 6213f8d..79397c6 100644 --- a/tests/tiff.rs +++ b/tests/tiff.rs @@ -208,4 +208,17 @@ fn unsupported() { String::from(output), ¶ms, ).is_err()); +} + +#[test] +fn prevent_panic() { + let output = "tests/samples/output/panic.tif"; + initialize(output); + let mut params = caesium::initialize_parameters(); + params.tiff.algorithm = caesium::tiff::TiffCompression::Lzw; + assert!(caesium::compress( + String::from("tests/samples/unsupported.tif"), + String::from(output), + ¶ms, + ).is_err()); } \ No newline at end of file