Merge pull request #2007 from kevinbackhouse/FixIssue2006

kevinbackhouse · web-flow · commit 65fad9db0e03 · 2021-12-06T10:31:20.000Z
Fix integer overflow in PanasonicMakerNote::printAccelerometer
diff --git a/src/panasonicmn_int.cpp b/src/panasonicmn_int.cpp
@@ -691,17 +691,15 @@ namespace Exiv2 {
 
     std::ostream& PanasonicMakerNote::printAccelerometer(std::ostream& os, const Value& value, const ExifData*)
     {
-        // value is stored as unsigned int, but should be readed as signed int, so manually convert it
-        int i = value.toLong();
-        i = i - ((i & 0x8000) >> 15) * 0xffff;
+        // value is stored as unsigned int, but should be read as int16_t.
+        const int16_t i = static_cast<int16_t>(value.toLong());
         return os << i;
     }  // PanasonicMakerNote::printAccelerometer
 
     std::ostream& PanasonicMakerNote::printRollAngle(std::ostream& os, const Value& value, const ExifData*)
     {
-        // roll angle is stored as signed int, but tag states to be unsigned int
-        int i = value.toLong();
-        i = i - ((i & 0x8000) >> 15) * 0xffff;
+        // value is stored as unsigned int, but should be read as int16_t.
+        const int16_t i = static_cast<int16_t>(value.toLong());
         std::ostringstream oss;
         oss.copyfmt(os);
         os << std::fixed << std::setprecision(1) << i / 10.0;
@@ -712,10 +710,8 @@ namespace Exiv2 {
 
     std::ostream& PanasonicMakerNote::printPitchAngle(std::ostream& os, const Value& value, const ExifData*)
     {
-        // pitch angle is stored as signed int, but tag states to be unsigned int
-        // change sign to be compatible with ExifTool: positive is upwards
-        int i = value.toLong();
-        i = i - ((i & 0x8000) >> 15) * 0xffff;
+        // value is stored as unsigned int, but should be read as int16_t.
+        const int16_t i = static_cast<int16_t>(value.toLong());
         std::ostringstream oss;
         oss.copyfmt(os);
         os << std::fixed << std::setprecision(1) << -i / 10.0;
diff --git a/test/data/issue_2006_poc.tiff b/test/data/issue_2006_poc.tiff
diff --git a/tests/bugfixes/github/test_issue_2006.py b/tests/bugfixes/github/test_issue_2006.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path
+
+class PanasonicMakerPrintAccelerometerIntOverflow(metaclass=CaseMeta):
+    """
+    Regression test for the bug described in:
+    https://github.com/Exiv2/exiv2/issues/2006
+    """
+    url = "https://github.com/Exiv2/exiv2/issues/2006"
+
+    filename = path("$data_path/issue_2006_poc.tiff")
+    commands = ["$exiv2 -q -PE $filename"]
+    stderr = [""]
+    stdout = ["""Exif.Image.Make                              Ascii      32  Panasonic   
+Exif.Image.DNGPrivateData                    0x2020     32  80 97 110 97 115 111 110 105 99 32 32 32 0 32 32 255 32 32 32 32 32 255 255 255 32 255 255 198 52 32 32 0
+Exif.MakerNote.Offset                        Long        1  48
+Exif.MakerNote.ByteOrder                     Ascii       3  MM
+Exif.Panasonic.AccelerometerY                SLong       4  -224
+"""]
+    retval = [0]
