Nested sub ifds parsing fix by IldarKhayrutdinov · Pull Request #2869 · SixLabors/ImageSharp

IldarKhayrutdinov · 2025-01-27T05:04:44Z

Prerequisites

I have written a descriptive pull-request title
I have verified that there are no overlapping pull-requests open
I have verified that I am following the existing coding patterns and practice as demonstrated in the repository. These follow strict Stylecop rules 👮.
I have provided test coverage for my change (where applicable)

Description

Fix for parsing multiple nested sub ifds
Fix for skipping duplicated tags

Fixes #2857

Fixes SixLabors#2857

gfoidl · 2025-01-27T15:40:49Z

src/ImageSharp/Metadata/Profiles/Exif/ExifReader.cs

+            do
            {
-                this.ReadValues(values, (uint)subIfdOffset);
+                ulong[] buf = [.. this.subIfds];


Can this allocation be avoided?
Either by stack-alloc or renting the array from the array-buffer.

reverted by 40b7be8 because a build failure https://github.com/SixLabors/ImageSharp/actions/runs/12982387631/job/36202132583,
I haven't found a beautiful solution yet

this.subIfds.lenght is almost always a small number: 1,2, <5

You can stackalloc an ulong[128] working buffer outside the loop, then in the loop slice it down if sz <= 128 or allocate an array otherwise.

@antonfirsov I forgot to mention that the loop body is executed almost always 1 time,
or frequently it is not even executed at all (subIfds==null),
the task file is the only file where there are 4 loop iterations.

almost always 1 time

Is there any practical limit on the maximum number of subIfd-s? CA2014: Potential stack overflow. is a valid static analyzer finding if a malicious actor can construct a file with a high number of subIfd-s. We need to prepare the code for such edge-cases while optimizing it for the sane ones.

Good point, high number of subIfd-s is a problem. One more problem is cyclic subifds with cross-reference that perform an infinite loop.
I don't think there is any practical point in having a high number of subIfds.
I think 8 subids and a maximum nesting level of 8 are more than enough limits.

gfoidl · 2025-01-27T15:43:46Z

src/ImageSharp/Metadata/Profiles/Exif/ExifReader.cs

+                    this.ReadValues(values, (uint)subIfdOffset);
+                }
            }
+            while (this.subIfds.Count > 0);


L195 clears the list (so count = 0). Is this condition necessary then?

L198 can add to subIfds,
nested sub ifd(s)

JimBobSquarePants · 2025-04-07T13:17:29Z

@IldarKhayrutdinov Is there much more to be done here or are you happy for me to review?

IldarKhayrutdinov · 2025-04-13T19:04:36Z

@JimBobSquarePants done

JimBobSquarePants · 2025-04-13T22:29:45Z

@JimBobSquarePants done

Legend! I’ll review today.

JimBobSquarePants

This looks great @IldarKhayrutdinov Thanks!

I'll clone and create a matching PR for V3.

IldarKhayrutdinov added 3 commits January 26, 2025 20:08

fix for loading multiple sub ifds

d48a6dd

Fixes SixLabors#2857

fix for duplicates skipping

8de08ba

fix allocation (CA2014)

40b7be8

gfoidl reviewed Jan 27, 2025

View reviewed changes

IldarKhayrutdinov and others added 2 commits January 31, 2025 15:00

Merge branch 'main' into subsub-ifd

1fbd202

Merge branch 'main' into subsub-ifd

938595b

IldarKhayrutdinov marked this pull request as ready for review April 13, 2025 19:04

limit for iteration & bufSz

14aeb3f

IldarKhayrutdinov force-pushed the subsub-ifd branch from ff54ca2 to 14aeb3f Compare April 13, 2025 19:07

JimBobSquarePants approved these changes Apr 24, 2025

View reviewed changes

JimBobSquarePants merged commit 3f3b8dd into SixLabors:main Apr 24, 2025
8 checks passed

IldarKhayrutdinov deleted the subsub-ifd branch April 24, 2025 12:05

JimBobSquarePants added a commit that referenced this pull request Apr 24, 2025

Reimplement #2869

aae2c47

JimBobSquarePants mentioned this pull request Apr 24, 2025

V3 Nested sub ifds parsing fix #2913

Merged

4 tasks

Uh oh!

Conversation

IldarKhayrutdinov commented Jan 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Prerequisites

Description

Uh oh!

gfoidl Jan 27, 2025

Choose a reason for hiding this comment

Uh oh!

IldarKhayrutdinov Jan 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

antonfirsov Jan 28, 2025

Choose a reason for hiding this comment

Uh oh!

IldarKhayrutdinov Jan 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

antonfirsov Jan 31, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

IldarKhayrutdinov Apr 13, 2025

Choose a reason for hiding this comment

Uh oh!

gfoidl Jan 27, 2025

Choose a reason for hiding this comment

Uh oh!

IldarKhayrutdinov Jan 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

JimBobSquarePants commented Apr 7, 2025

Uh oh!

IldarKhayrutdinov commented Apr 13, 2025

Uh oh!

JimBobSquarePants commented Apr 13, 2025

Uh oh!

JimBobSquarePants left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

IldarKhayrutdinov commented Jan 27, 2025 •

edited

Loading

IldarKhayrutdinov Jan 27, 2025 •

edited

Loading

IldarKhayrutdinov Jan 28, 2025 •

edited

Loading

antonfirsov Jan 31, 2025 •

edited

Loading

IldarKhayrutdinov Jan 27, 2025 •

edited

Loading