add check for ICC profile validity

8 years ago · 3747f46a50
5 changed files with 67 additions and 1 deletions
--- a/src/ImageSharp/Formats/Jpeg/GolangPort/OrigJpegDecoderCore.cs
+++ b/src/ImageSharp/Formats/Jpeg/GolangPort/OrigJpegDecoderCore.cs
@ -412,6 +412,11 @@ namespace SixLabors.ImageSharp.Formats.Jpeg.GolangPort
            }

            this.InitDerivedMetaDataProperties();
+
+            if (this.MetaData.IccProfile?.CheckIsValid() == false)
+            {
+                this.MetaData.IccProfile = null;
+            }
        }

        /// <summary>
--- a/src/ImageSharp/Formats/Jpeg/PdfJsPort/PdfJsJpegDecoderCore.cs
+++ b/src/ImageSharp/Formats/Jpeg/PdfJsPort/PdfJsJpegDecoderCore.cs
@ -255,7 +255,7 @@ namespace SixLabors.ImageSharp.Formats.Jpeg.PdfJsPort
                            {
                                // It's highly unlikely that APPn related data will be found after the SOS marker
                                // We should have gathered everything we need by now.
-                                return;
+                                break;
                            }

                        case PdfJsJpegConstants.Markers.DHT:
@ -334,6 +334,11 @@ namespace SixLabors.ImageSharp.Formats.Jpeg.PdfJsPort
                // Read on.
                fileMarker = FindNextFileMarker(this.markerBuffer, this.InputStream);
            }
+
+            if (this.MetaData.IccProfile?.CheckIsValid() == false)
+            {
+                this.MetaData.IccProfile = null;
+            }
        }

        /// <inheritdoc/>
--- a/src/ImageSharp/MetaData/Profiles/ICC/IccProfile.cs
+++ b/src/ImageSharp/MetaData/Profiles/ICC/IccProfile.cs
@ -165,6 +165,20 @@ namespace SixLabors.ImageSharp.MetaData.Profiles.Icc
            Buffer.BlockCopy(bytes, 0, this.data, currentLength, bytes.Length);
        }

+        /// <summary>
+        /// Checks for signs of a corrupt profile.
+        /// </summary>
+        /// <remarks>This is not an absolute proof of validity but should weed out most corrupt data.</remarks>
+        /// <returns>True if the profile is valid; False otherwise</returns>
+        public bool CheckIsValid()
+        {
+            return Enum.IsDefined(typeof(IccColorSpaceType), this.Header.DataColorSpace) &&
+                   Enum.IsDefined(typeof(IccColorSpaceType), this.Header.ProfileConnectionSpace) &&
+                   Enum.IsDefined(typeof(IccRenderingIntent), this.Header.RenderingIntent) &&
+                   this.Header.Size >= 128 &&
+                   this.Header.Size < 50_000_000; // it's unlikely there is a profile bigger than 50MB
+        }
+
        /// <summary>
        /// Converts this instance to a byte array.
        /// </summary>
--- a/tests/ImageSharp.Tests/MetaData/Profiles/ICC/IccProfileTests.cs
+++ b/tests/ImageSharp.Tests/MetaData/Profiles/ICC/IccProfileTests.cs
@ -35,5 +35,15 @@ namespace SixLabors.ImageSharp.Tests.Icc

 #endif

+        [Theory]
+        [MemberData(nameof(IccTestDataProfiles.ProfileValidityTestData), MemberType = typeof(IccTestDataProfiles))]
+        public void CheckIsValid_WithProfiles_ReturnsValidity(byte[] data, bool expected)
+        {
+            var profile = new IccProfile(data);
+
+            bool result = profile.CheckIsValid();
+
+            Assert.Equal(expected, result);
+        }
    }
 }
--- a/tests/ImageSharp.Tests/TestDataIcc/IccTestDataProfiles.cs
+++ b/tests/ImageSharp.Tests/TestDataIcc/IccTestDataProfiles.cs
@ -132,10 +132,42 @@ namespace SixLabors.ImageSharp.Tests
                IccTestDataTagDataEntry.Unknown_Val
            });

+        public static byte[] Header_Corrupt1_Array =
+        {
+            0x81, 0xB1, 0x81, 0xE4, 0x82, 0x16, 0x82, 0x49, 0x82, 0x7B, 0x82, 0xAD, 0x82, 0xDF, 0x83, 0x11,
+            0x83, 0x43, 0x83, 0x75, 0x83, 0xA7, 0x83, 0xD8, 0x84, 0x0A, 0x84, 0x3B, 0x84, 0x6C, 0x84, 0x9E,
+            0x84, 0xCF, 0x85, 0x00, 0x85, 0x31, 0x85, 0x62, 0x85, 0x93, 0x85, 0xC3, 0x85, 0xF4, 0x86, 0x24,
+            0x86, 0x55, 0x86, 0x85, 0x86, 0xB5, 0x86, 0xE6, 0x87, 0x16, 0x87, 0x46, 0x87, 0x76, 0x87, 0xA5,
+            0x87, 0xD5, 0x88, 0x05, 0x88, 0x34, 0x88, 0x64, 0x88, 0x93, 0x88, 0xC3, 0x88, 0xF2, 0x89, 0x21,
+            0x89, 0x50, 0x89, 0x7F, 0x89, 0xAE, 0x89, 0xDD, 0x8A, 0x0C, 0x8A, 0x3B, 0x8A, 0x69, 0x8A, 0x98,
+            0x8A, 0xC6, 0x8A, 0xF5, 0x8B, 0x23, 0x8B, 0x51, 0x8B, 0x7F, 0x8B, 0xAE, 0x8B, 0xDC, 0x8C, 0x09,
+            0x8C, 0x37, 0x8C, 0x65, 0x8C, 0x93, 0x8C, 0xC1, 0x8C, 0xEE, 0x8D, 0x1C, 0x8D, 0x49, 0x8D, 0x76,
+        };
+
+        public static byte[] Header_Corrupt2_Array =
+        {
+            0x23, 0x74, 0x6D, 0x6D, 0xB1, 0xBC, 0x28, 0xB2, 0x6D, 0x0B, 0xA3, 0x9C, 0x2D, 0x60, 0x6C, 0xB4,
+            0x96, 0xF2, 0x31, 0x88, 0x6C, 0x67, 0x8B, 0xA9, 0x35, 0x31, 0x6C, 0x24, 0x81, 0xAE, 0x38, 0x64,
+            0x6B, 0xE9, 0x78, 0xEC, 0x3B, 0x28, 0x6B, 0xB7, 0x71, 0x4F, 0x3D, 0x87, 0x6B, 0x8C, 0x6A, 0xC3,
+            0x3F, 0x87, 0x6B, 0x68, 0x65, 0x33, 0x41, 0x30, 0x6B, 0x4A, 0x60, 0x8C, 0x42, 0x8C, 0x6B, 0x32,
+            0x5C, 0xB8, 0x43, 0xA2, 0x6B, 0x1F, 0x59, 0xA4, 0x44, 0x79, 0x6B, 0x10, 0x57, 0x3B, 0x45, 0x1A,
+            0x6B, 0x05, 0x55, 0x68, 0x45, 0x8D, 0x6A, 0xFE, 0x54, 0x15, 0x45, 0xDA, 0x6A, 0xF9, 0x53, 0x2A,
+            0x46, 0x16, 0x6A, 0xF5, 0x52, 0x74, 0x46, 0x27, 0x6A, 0xF4, 0x52, 0x43, 0x46, 0x27, 0x6A, 0xF4,
+            0x52, 0x43, 0x46, 0x27, 0x6A, 0xF4, 0x52, 0x43, 0x46, 0x27, 0x6A, 0xF4, 0x52, 0x43, 0x46, 0x27,
+        };
+
+
        public static object[][] ProfileIdTestData =
        {
            new object[] { Header_Random_Array, Header_Random_Id_Value },
            new object[] { Profile_Random_Array, Profile_Random_Id_Value },
        };
+
+        public static object[][] ProfileValidityTestData =
+        {
+            new object[] { Header_Corrupt1_Array, false },
+            new object[] { Header_Corrupt2_Array, false },
+            new object[] { Header_Random_Array, true },
+        };
    }
 }