commit aa5da5f532016b167f1df61973fd4a8af17a86b8
author Taesu Lee <taesu82.lee@samsung.com> Mon May 08 11:21:40 2017 +0900
committer Luca Stefani <luca.stefani.ge1@gmail.com> Fri Feb 07 16:25:38 2020 +0100
tree a188a1c1ac081e1a343d34feae6cfbf56091086f
parent bf0f242f8d99b02819793bf9c25f2432b2f49c3a

Fix NPE caused by invalid IFD0 offset

NPE occurs when current IFD0 offset is smaller than default IFD offset.
Just skip invalid tag instead.

Test: Manual

Change-Id: I184794e7ee227849da7d2ecf3cf647e69dc91610
Signed-off-by: Taesu Lee <taesu82.lee@samsung.com>

src/com/android/messaging/util/exif/ExifParser.java

diff --git a/src/com/android/messaging/util/exif/ExifParser.java b/src/com/android/messaging/util/exif/ExifParser.java
index 4b6cf68..46f253e 100644
--- a/src/com/android/messaging/util/exif/ExifParser.java
+++ b/src/com/android/messaging/util/exif/ExifParser.java
@@ -224,8 +224,8 @@
         mIfdType = IfdId.TYPE_IFD_0;
         if (isIfdRequested(IfdId.TYPE_IFD_0) || needToParseOffsetsInCurrentIfd()) {
             registerIfd(IfdId.TYPE_IFD_0, offset);
-            if (offset != DEFAULT_IFD0_OFFSET) {
-                mDataAboveIfd0 = new byte[(int) offset - DEFAULT_IFD0_OFFSET];
+            if (mIfd0Position > DEFAULT_IFD0_OFFSET) {
+                mDataAboveIfd0 = new byte[mIfd0Position - DEFAULT_IFD0_OFFSET];
                 read(mDataAboveIfd0);
             }
         }
@@ -558,7 +558,9 @@
             }
             // Some invalid images put some undefined data before IFD0.
             // Read the data here.
-            if ((offset < mIfd0Position) && (dataFormat == ExifTag.TYPE_UNDEFINED)) {
+            if (mDataAboveIfd0 != null
+                    && offset < mIfd0Position
+                    && dataFormat == ExifTag.TYPE_UNDEFINED) {
                 byte[] buf = new byte[(int) numOfComp];
                 System.arraycopy(mDataAboveIfd0, (int) offset - DEFAULT_IFD0_OFFSET,
                         buf, 0, (int) numOfComp);