Catch exceptions when reading EXIF metadata

If the EXIF data is corrupted, this will cleanly return rather than
crashing with abort(). Most of these instances likely can't ever be
triggered without timing attacks that replace the image file during
operation of the program, but better safe than sorry.

Author: dfandrich

.github/workflows/ci.yml

@@ -126,7 +126,7 @@ jobs:
             cxx: g++
             target: all
             install_target: install install-po install-desktop-file
-            failing_tests: 16
+            failing_tests: 17
           - name: sanitize
             cc: clang
             gtk: 3

exif-gps.cpp

@@ -120,14 +120,20 @@ char* ReadExifData(const char* File, int* IncludesGPS, double* Lat, double* Long
 		DEBUGLOG("Failed to open file %s.\n", File);
 		return NULL;
 	}
-	Image->readMetadata();
 	if (Image.get() == NULL)
 	{
 		DEBUGLOG("Failed to read file %s %s.\n",
 			 File, Exiv2::strError().c_str());
 		return NULL;
 	}
 
+	try {
+		Image->readMetadata();
+	} catch (Exiv2::Error& e) {
+		DEBUGLOG("Failed to read EXIF metadata in %s.\n", File);
+		return NULL;
+	}
+
 	Exiv2::ExifData &ExifRead = Image->exifData();
 
 	// Read the tag out.
@@ -288,14 +294,20 @@ char* ReadGPSTimestamp(const char* File, char* DateStamp, char* TimeStamp, int*
 		DEBUGLOG("Failed to open file %s.\n", File);
 		return NULL;
 	}
-	Image->readMetadata();
 	if (Image.get() == NULL)
 	{
 		DEBUGLOG("Failed to read file %s %s.\n",
 			 File, Exiv2::strError().c_str());
 		return NULL;
 	}
 
+	try {
+		Image->readMetadata();
+	} catch (Exiv2::Error& e) {
+		DEBUGLOG("Failed to read EXIF metadata in %s.\n", File);
+		return NULL;
+	}
+
 	Exiv2::ExifData &ExifRead = Image->exifData();
 
 	// Read the tag out.
@@ -458,7 +470,6 @@ int WriteGPSData(const char* File, const struct GPSPoint* Point,
 		DEBUGLOG("Failed to open file %s.\n", File);
 		return 0;
 	}
-	Image->readMetadata();
 	if (Image.get() == NULL)
 	{
 		// It failed if we got here.
@@ -467,6 +478,13 @@ int WriteGPSData(const char* File, const struct GPSPoint* Point,
 		return 0;
 	}
 
+	try {
+		Image->readMetadata();
+	} catch (Exiv2::Error& e) {
+		DEBUGLOG("Failed to read EXIF metadata in %s.\n", File);
+		return 0;
+	}
+
 	Exiv2::ExifData &ExifToWrite = Image->exifData();
 
 	// Make sure we're starting from a clean GPS IFD.
@@ -661,7 +679,6 @@ int WriteFixedDatestamp(const char* File, struct timespec Time)
 		DEBUGLOG("Failed to open file %s.\n", File);
 		return 0;
 	}
-	Image->readMetadata();
 	if (Image.get() == NULL)
 	{
 		// It failed if we got here.
@@ -670,6 +687,13 @@ int WriteFixedDatestamp(const char* File, struct timespec Time)
 		return 0;
 	}
 
+	try {
+		Image->readMetadata();
+	} catch (Exiv2::Error& e) {
+		DEBUGLOG("Failed to read EXIF metadata in %s.\n", File);
+		return 0;
+	}
+
 	Exiv2::ExifData &ExifToWrite = Image->exifData();
 
 	const struct tm TimeStamp = *gmtime(&Time.tv_sec);
@@ -723,7 +747,6 @@ int RemoveGPSExif(const char* File, int NoChangeMtime, int NoWriteExif)
 		DEBUGLOG("Failed to open file %s.\n", File);
 		return 0;
 	}
-	Image->readMetadata();
 	if (Image.get() == NULL)
 	{
 		// It failed if we got here.
@@ -732,6 +755,13 @@ int RemoveGPSExif(const char* File, int NoChangeMtime, int NoWriteExif)
 		return 0;
 	}
 
+	try {
+		Image->readMetadata();
+	} catch (Exiv2::Error& e) {
+		DEBUGLOG("Failed to read EXIF metadata in %s.\n", File);
+		return 0;
+	}
+
 	Exiv2::ExifData &ExifInfo = Image->exifData();
 
 	if (ExifInfo.count() == 0)

tests/data/test198.param

@@ -0,0 +1,4 @@
+TITLE='Show GPS data on file with corrupt EXIF'
+COMMAND='$PROGRAM -s "$STAGINGDIR/badexif.jpg" > "$OUTFILE" 2>&1'
+RESULTCODE=1
+SEDCOMMAND='s@^.*/@@' # strip path

tests/data/test198.result

@@ -0,0 +1 @@
+badexif.jpg: No EXIF data.

tests/data/test199.param

@@ -0,0 +1,4 @@
+TITLE='Correlate a file with corrupted EXIF with --replace'
+PRECOMMAND='cat "$STAGINGDIR/badexif.jpg" >"$LOGDIR/test.jpg"'
+COMMAND='$PROGRAM -l "1 2" -R "$LOGDIR/test.jpg" > "$OUTFILE" 2>&1'
+RESULTCODE=2

tests/data/test199.result

@@ -0,0 +1,9 @@
+Legend: . = Ok, / = Interpolated, < = Rounded, - = No match, ^ = Too far
+        w = Write Fail, ? = No EXIF date, ! = GPS already present
+
+Correlate: ?
+
+Completed correlation process.
+Matched:     0 (0 Exact, 0 Interpolated, 0 Rounded).
+Failed:      1 (0 Not matched, 0 Write failure, 0 Too Far,
+                1 No Date, 0 GPS Already Present.)