fix: incorrectly triggered enforce check during preview extraction

[hassec]

This should close #1829.

The problem was an enforce statement inside LoaderTiff::getData()

I'm not an expert on the entire preview extraction stuff so take the below with a grain of salt.
But it seems that there are previews inside a file which are defined by "stripes" or "tiles"
If that is the case, they are inside the exifdata like below:

0x0111 Exif.Image.StripOffsets                      StripOffsets                Long        1  134354
0x0117 Exif.Image.StripByteCounts                   StripByteCounts             Long        1  131328

Where the first one tells you at what offset into the file the preview starts and the second tells you how large the preview is in bytes.

But sometimes you get many offsets and counts, (who knows why, didn't really look into that yet, but the resulting image is in fact a preview 🤷‍♂️)

0x0144 Exif.SubImage3.TileOffsets                   TileOffsets                 Long       12  301748 323396 354506 429600 459954 490748 523812 592136 630472 652932 678910 726818
0x0145 Exif.SubImage3.TileByteCounts                TileByteCounts              Long       12  21647 31110 75094 30354 30793 33063 68323 38336 22459 25978 47908 46601

And that's what would trigger the bug.
You can see that the function LoaderTiff::getData() behaves differently if you need to copy many chunks.
It checks each loop iteration to make sure that the value of IdxBuf + size of current chunk doesn't overflow the DataBuf we are copying the entire image into.
It just ignored that by construction this check is going to be false on the last iteration where the two should be equal.

I'm not sure how to make a proper test case for this without introducing a large file :/
Let's add this as yet another +1 to the long list of reasons why it would really be great to soon somehow start testing more one real files.

[codecov]

Codecov Report

Merging #1835 (e5be086) into main (d3e311f) will decrease coverage by 0.00%.
The diff coverage is 50.00%.

@@            Coverage Diff             @@
##             main    #1835      +/-   ##
==========================================
- Coverage   60.59%   60.58%   -0.01%     
==========================================
  Files          96       96              
  Lines       18860    18864       +4     
  Branches     9479     9483       +4     
==========================================
+ Hits        11428    11429       +1     
- Misses       5142     5146       +4     
+ Partials     2290     2289       -1     

Impacted Files	Coverage Δ
src/preview.cpp	49.07% <50.00%> (ø)
src/tiffcomposite_int.cpp	73.93% <0.00%> (-0.31%)	⬇️
src/jpgimage.cpp	70.15% <0.00%> (+0.13%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d3e311f...e5be086. Read the comment docs.

[kevinbackhouse]

Should this be fixed on 0.27-maintenance?

[hassec]

I don't think so. It's a feature fix, but not a security issue.

In fact, the problem here is that the security was a bit too strict :D

[kevinbackhouse]

But it's a bug, isn't it? On 0.27-maintenance, we could do the simpler fix of just replacing < with <=.

[hassec]

Yep, but my understanding was that we won't do anything on 0.27-maintenance aside from security fixes.

This bug has been dormant in exiv2 for many years. The reporting user was using 0.27.2.
Thus, I wouldn't consider this a very high priority issue.

That being said, it's a tiny fix so sure we can easily port this to 0.27-maintenance, that's just ever so slightly opening the door for feature fixes....

[kevinbackhouse]

I think we should fix this one on 0.27-maintenance, since it's such a simple change. Also, it looks like the bug was caused by an over-enthusiastic security fix, so it's slightly related to security!

[hassec]

I don't have a strong opinion about this, so happy to go either way 👍

[hassec]

@Mergifyio backport 0.27-maintenance

[mergify]

Command backport 0.27-maintenance: success

Backports have been created

• #1839 fix: incorrectly triggered enforce check during preview extraction (backport #1835) has been created for branch 0.27-maintenance