When there is damaged Exif header - it causes out of memory

Question

When there is damaged Exif header - it causes out of memory

uldisv opened this issue 7 years ago · 2 comments

If Exif offsets happen to be random garbage - package tries to split at those random positions without validation. This will cause "Out Of Memory" error and process stop node itself.

I'd suggest as first command in readTag function add validation of abnormal valueOffset and numValues:

function readTag(buffer, offset, bigEndian) {
...
    // Prevent damaged Exif data to cause Out Of Memory
    if (valueOffset >= buffer.length || numValues > 1000000 || valueOffset + numValues * valueSize >= buffer.length)
      throw new Error("Damaged Exif data");

numValues > 1000000 (just assumed very large number) - but without this check - last comparsion may not always work - it can rollower.

Attached damaged header Exif information
damaged_header.zip

Answer 1 · 2018-04-08T12:25:30.000Z

Should be fixed by #5

Answer 2 · 2019-09-30T08:44:37.000Z

v1.0.3 now available, thanks for reporting.