exif's Introduction

"exif.c" is a simple implementation to access the Exif segment in a JPEG file.
It easily enables you to get the value of the IFD tag field with such code:

  TagNodeInfo *tag = getTagInfo(ifdArray, IFD_EXIF, TAG_DateTimeOriginal);
  if (tag != NULL) {  /* getTagInfo returns NULL when the tag is not found */
      printf("DateTimeOriginal = [%s]\n", tag->byteData);
  }

  -> DateTimeOriginal = [2013:09:01 09:49:00]

See "sample_main.c" and "exif.h" for details.

exif.c uses only standard C library functions, so it will be usable in many environments.
It has been tested in the following environments.

 - Windows XP 32bit + 32bit Visual C++
 - Windows 7 64bit + 64bit Visual C++
 - Redhat Linux 32bit + 32bit gcc
 - Mac OS X 64bit + 64bit gcc

Building with gcc:

  gcc -o exif sample_main.c exif.c

Building with Microsoft Visual C++:

  cl.exe /o exif sample_main.c exif.c

The following output is the result of the sample program.
---------------------------------------------------------------------------
$ exif test.jpg

[test.jpg] createIfdTableArray: result=4

{0TH IFD}
 - Make: [Apple]
 - Model: [iPod touch]
 - Orientation: 1
 - XResolution: 72/1
 - YResolution: 72/1
 - ResolutionUnit: 2
 - Software: [6.1.4]
 - DateTime: [2013:09:01 09:49:00]
 - YCbCrPositioning: 1
 - ExifIFDPointer: 206
 - GPSInfoIFDPointer: 576

{EXIF IFD}
 - ExposureTime: 1/30
 - FNumber: 12/5
 - ExposureProgram: 2
 - PhotographicSensitivity: 400
 - ExifVersion: 0 2 2 1
 - DateTimeOriginal: [2013:09:01 09:49:00]
 - DateTimeDigitized: [2013:09:01 09:49:00]
 - ComponentsConfiguration: 0x01 0x02 0x03 0x00
 - ShutterSpeedValue: 4035/821
 - ApertureValue: 4845/1918
 - BrightnessValue: 2234/1113
 - MeteringMode: 5
 - Flash: 32
 - FocalLength: 77/20
 - FlashPixVersion: 0 1 0 0
 - ColorSpace: 1
 - PixelXDimension: 960
 - PixelYDimension: 720
 - SensingMethod: 2
 - ExposureMode: 0
 - WhiteBalance: 0
 - FocalLengthIn35mmFormat: 32
 - SceneCaptureType: 0

{GPS IFD}
 - GPSLatitudeRef: [S]
 - GPSLatitude: 69/1 17/100 0/1
 - GPSLongitudeRef: [E]
 - GPSLongitude: 39/1 35/100 0/1
 - GPSAltitudeRef: 0
 - GPSAltitude: 6151/470
 - GPSTimeStamp: 0/1 48/1 3921/100

{1ST IFD}
 - Compression: 6
 - XResolution: 72/1
 - YResolution: 72/1
 - ResolutionUnit: 2
 - JPEGInterchangeFormat: 840
 - JPEGInterchangeFormatLength: 8648

0th IFD : Model = [iPod touch]
Exif IFD : DateTimeOriginal = [2013:09:01 09:49:00]
GPS IFD : GPSLatitude = 69/1 17/100 0/1
removeExifSegmentFromJPEGFile: result=1
---------------------------------------------------------------------------
http://dsas.blog.klab.org/archives/52123322.html (Japanese only)

Copyright (C) 2013 KLab Inc.

exif's People

Contributors

mkttanabe

exif's Issues

heap-buffer-overflow

environment: ubuntu22.04

requirement: compile with asan

command: exif poc -verbose

poc:
crash 6

output:
system: little-endian
data: little-endian
=================================================================
==35507==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000005d4 at pc 0x555f8b226fbf bp 0x7ffdad0269b0 sp 0x7ffdad0269a0
READ of size 4 at 0x6020000005d4 thread T0
    #0 0x555f8b226fbe in addTagNodeToIfd /home/zjr/python_fuzzer/exif/exif.c:1543
    #1 0x555f8b22f8f3 in parseIFD /home/zjr/python_fuzzer/exif/exif.c:2438
    #2 0x555f8b221b8c in createIfdTableArray /home/zjr/python_fuzzer/exif/exif.c:334
    #3 0x555f8b21f929 in main /home/zjr/python_fuzzer/exif/sample_main.c:63
    #4 0x7fe39ad6ad8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7fe39ad6ae3f in __libc_start_main_impl ../csu/libc-start.c:392
    #6 0x555f8b21f5e4 in _start (/usr/bin/exifsan+0x55e4)

0x6020000005d4 is located 0 bytes to the right of 4-byte region [0x6020000005d0,0x6020000005d4)
allocated by thread T0 here:
    #0 0x7fe39b01d887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x555f8b22f03a in parseIFD /home/zjr/python_fuzzer/exif/exif.c:2401
    #2 0x555f8b221b8c in createIfdTableArray /home/zjr/python_fuzzer/exif/exif.c:334
    #3 0x555f8b21f929 in main /home/zjr/python_fuzzer/exif/sample_main.c:63
    #4 0x7fe39ad6ad8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/zjr/python_fuzzer/exif/exif.c:1543 in addTagNodeToIfd
==35507==ABORTING

exif version 0220, 0230 not supported well

To get date time, some return empty, but when I use android.support.media.ExifInterface, I get values. The TAG_EXIF_VERSION is 0220 or 0230 according to ExifInterface.

heap-buffer-overflow exists in createIfdTableArray() at exif.c:284

Summary

A heap-buffer-overflow is caused when using exif.

Version

$ git log --oneline -1
f875872 (HEAD, origin/master, origin/HEAD, master)

Environment

Ubuntu: 18.04
clang : 12.0.0

Reproduce

PoC : poc.zip
Command Line : ./exif poc

Debug Info

==61179==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000050 at pc 0x0000004c9d3a bp 0x7fffffffded0 sp 0x7fffffffdec8
READ of size 4 at 0x602000000050 thread T0
    #0 0x4c9d39 in createIfdTableArray /src/project/exif_project/exif/exif.c:284:21
    #1 0x4f4086 in main /src/project/exif_project/exif/sample_main.c:63:16
    #2 0x7ffff7c57082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #3 0x41c3bd in _start (/src/project/exif_project/exif/fuzz_issue-exif/exif_cov+0x41c3bd)

0x602000000051 is located 0 bytes to the right of 1-byte region [0x602000000050,0x602000000051)
allocated by thread T0 here:
    #0 0x49761d in malloc (/src/project/exif_project/exif/fuzz_issue-exif/exif_cov+0x49761d)
    #1 0x4db40a in addTagNodeToIfd /src/project/exif_project/exif/exif.c:1541:43
    #2 0x4ce000 in parseIFD /src/project/exif_project/exif/exif.c:2361:13
    #3 0x4c9989 in createIfdTableArray /src/project/exif_project/exif/exif.c:271:15
    #4 0x4f4086 in main /src/project/exif_project/exif/sample_main.c:63:16
    #5 0x7ffff7c57082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

SUMMARY: AddressSanitizer: heap-buffer-overflow /src/project/exif_project/exif/exif.c:284:21 in createIfdTableArray
==61179==ABORTING

Add SECURITY.md

Hey there!

I belong to an open source security research community, and a member (@vishwaraj101) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

heap overflow

environment

ubuntu18.04

requirement

compile with asan

command

exif poc

poc

https://drive.google.com/file/d/1dhAwQLnuUouzrW7QJnbhjWrLlzaYS0E7/view?usp=sharing

output

==32823==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x55945eba4ad6 bp 0x7ffe35844400 sp 0x7ffe358443f0
WRITE of size 4 at 0x602000000014 thread T0
    #0 0x55945eba4ad5 in parseIFD /home/fuzz/exif/exif.c:2419
    #1 0x55945eba5c62 in createIfdTableArray /home/fuzz/exif/exif.c:271
    #2 0x55945eb9444c in main /home/fuzz/exif/sample_main.c:63
    #3 0x7efeca5e9bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #4 0x55945eb95279 in _start (/home/micro/all/found/exif/exif_asan+0x6279)

0x602000000014 is located 0 bytes to the right of 4-byte region [0x602000000010,0x602000000014)
allocated by thread T0 here:
    #0 0x7efecaa97b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x55945eb9d4cd in parseIFD /home/fuzz/exif/exif.c:2401

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/fuzz/exif/exif.c:2419 in parseIFD
==32823==ABORTING
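
The AddressSanitizer traces in the issues above all report 4-byte accesses just past small heap buffers while an IFD is being parsed. As an added example (not code from exif.c or from the issue reporters, and not the project's fix), here is a validation pass over one Exif IFD that rejects entries whose count or value offset would reach outside the TIFF block before anything is allocated or copied. `check_ifd`, `check_sample` and the sample bytes are constructed for illustration; the root cause inside exif.c is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes per element for Exif/TIFF field types 1..12 (index 0 is unused). */
static const uint8_t TYPE_SIZE[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint32_t rd(const uint8_t *p, int n, int le)   /* n-byte unsigned read */
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[le ? n - 1 - i : i];
    return v;
}

/* Validate the IFD at `off` in a `len`-byte TIFF block: entry count, or -1. */
int check_ifd(const uint8_t *buf, size_t len, size_t off, int le)
{
    if (len < 2 || off > len - 2) return -1;
    size_t n = rd(buf + off, 2, le);
    if (2 + n * 12 + 4 > len - off) return -1;   /* count + entries + next-IFD link */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + i * 12;
        uint32_t type = rd(e + 2, 2, le), count = rd(e + 4, 4, le), voff = rd(e + 8, 4, le);
        if (type == 0 || type > 12) return -1;               /* unknown field type */
        uint64_t bytes = (uint64_t)count * TYPE_SIZE[type];  /* cannot wrap in 64 bits */
        if (bytes <= 4) continue;                            /* value is inline in the entry */
        if (voff > len || bytes > len - voff) return -1;     /* value would leave the block */
    }
    return (int)n;
}

/* Constructed sample: little-endian block whose IFD at offset 8 has one entry (tag 0x0132,
 * type 2 ASCII, value at offset 26). Checks it with the given count and length (<= 46). */
int check_sample(uint32_t count, size_t len)
{
    uint8_t b[46] = {
        'I', 'I', 0x2A, 0, 8, 0, 0, 0,   1, 0,
        0x32, 0x01, 2, 0, 0, 0, 0, 0, 26, 0, 0, 0,   0, 0, 0, 0,
        '2','0','1','3',':','0','9',':','0','1',' ','0','9',':','4','9',':','0','0', 0
    };
    for (int i = 0; i < 4; i++) b[14 + i] = (uint8_t)(count >> (8 * i));
    return check_ifd(b, len, 8, 1);
}

int main(void)
{
    printf("intact=%d count+1=%d huge=%d truncated=%d\n", check_sample(20, 46),
           check_sample(21, 46), check_sample(0xFFFFFFFFu, 46), check_sample(20, 30));
    return 0;
}
```

Only the intact sample (count 20, full 46-byte block) is accepted; a count one larger than the data available, a count of 0xFFFFFFFF and a truncated block are all rejected.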
