From ae84ff67e9f6e6f1d2ef5e30645d241098f4a277 Mon Sep 17 00:00:00 2001
From: Brian Popow <popow@gmx.de>
Date: Mon, 13 Dec 2021 16:45:40 +0100
Subject: [PATCH] Break if there are more then 65534 IFD directories, fixes
 #1897

---
 src/ImageSharp/Formats/Tiff/Ifd/DirectoryReader.cs | 12 ++++++++++--
 src/ImageSharp/Formats/Tiff/Ifd/EntryReader.cs     |  2 +-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/ImageSharp/Formats/Tiff/Ifd/DirectoryReader.cs b/src/ImageSharp/Formats/Tiff/Ifd/DirectoryReader.cs
index 8b2c6bd3a0..26cb12d425 100644
--- a/src/ImageSharp/Formats/Tiff/Ifd/DirectoryReader.cs
+++ b/src/ImageSharp/Formats/Tiff/Ifd/DirectoryReader.cs
@@ -18,9 +18,11 @@ namespace SixLabors.ImageSharp.Formats.Tiff
 
         private uint nextIfdOffset;
 
+        private const int DirectoryMax = 65534;
+
         // used for sequential read big values (actual for multiframe big files)
         // todo: different tags can link to the same data (stream offset) - investigate
-        private readonly SortedList<uint, Action> lazyLoaders = new SortedList<uint, Action>(new DuplicateKeyComparer<uint>());
+        private readonly SortedList<uint, Action> lazyLoaders = new(new DuplicateKeyComparer<uint>());
 
         public DirectoryReader(Stream stream) => this.stream = stream;
 
@@ -48,7 +50,8 @@ namespace SixLabors.ImageSharp.Formats.Tiff
             {
                 return ByteOrder.LittleEndian;
             }
-            else if (headerBytes[0] == TiffConstants.ByteOrderBigEndian && headerBytes[1] == TiffConstants.ByteOrderBigEndian)
+
+            if (headerBytes[0] == TiffConstants.ByteOrderBigEndian && headerBytes[1] == TiffConstants.ByteOrderBigEndian)
             {
                 return ByteOrder.BigEndian;
             }
@@ -67,6 +70,11 @@ namespace SixLabors.ImageSharp.Formats.Tiff
                 this.nextIfdOffset = reader.NextIfdOffset;
 
                 readers.Add(reader);
+
+                if (readers.Count >= DirectoryMax)
+                {
+                    TiffThrowHelper.ThrowImageFormatException("TIFF image contains too many directories");
+                }
             }
 
             // Sequential reading big values.
diff --git a/src/ImageSharp/Formats/Tiff/Ifd/EntryReader.cs b/src/ImageSharp/Formats/Tiff/Ifd/EntryReader.cs
index 7cd508c09a..be4f59bffc 100644
--- a/src/ImageSharp/Formats/Tiff/Ifd/EntryReader.cs
+++ b/src/ImageSharp/Formats/Tiff/Ifd/EntryReader.cs
@@ -23,7 +23,7 @@ namespace SixLabors.ImageSharp.Formats.Tiff
             this.lazyLoaders = lazyLoaders;
         }
 
-        public List<IExifValue> Values { get; } = new List<IExifValue>();
+        public List<IExifValue> Values { get; } = new();
 
         public uint NextIfdOffset { get; private set; }