python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-09-24 21:17:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update fuzz_exif.py

Browse Source
This commit is contained in:
Roshan Sah 2025-05-21 21:31:45 +05:30 committed by GitHub
parent c8c708f852
commit 624858e558
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
Tests/oss-fuzz/fuzz_exif.py
View File

@ -1,17 +1,11 @@
# Enhanced Fuzz Target for Pillow: EXIF Metadata Fuzzing
This fuzz target focuses on testing the EXIF metadata handling capabilities of Pillow, which is an area not specifically targeted by the existing fuzzers.
```python
#!/usr/bin/env python3
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@ -19,90 +13,54 @@ This fuzz target focuses on testing the EXIF metadata handling capabilities of P
# See the License for the specific language governing permissions and
# limitations under the License.
import sys
import io
import atheris
from atheris.import_hook import instrument_imports
with instrument_imports():
import io
import sys
from PIL import Image, ExifTags
from PIL import ExifTags, Image
def TestOneInput(data):
if len(data) < 10: # Skip inputs that are too small
if len(data) < 10:
return
try:
# Create a BytesIO object from the fuzzer data
image_io = io.BytesIO(data)
# Try to open the image
with Image.open(image_io) as img:
# Test EXIF extraction
try:
exif = img._getexif()
if exif:
# Process EXIF data
for tag_id, value in exif.items():
# Try to get the tag name
tag_name = ExifTags.TAGS.get(tag_id, tag_id)
# Try to convert GPS info
if tag_id == 34853: # GPSInfo tag
if tag_id == 34853: # GPSInfo
for gps_tag, gps_value in value.items():
gps_tag_name = ExifTags.GPSTAGS.get(gps_tag, gps_tag)
except Exception:
# Catch exceptions from EXIF processing
pass
# Test thumbnail extraction from EXIF
try:
if hasattr(img, 'getexif'):
if hasattr(img, "getexif"):
exif = img.getexif()
if exif:
# Try to extract thumbnail if present
if hasattr(exif, 'get_thumbnail'):
thumbnail = exif.get_thumbnail()
if thumbnail:
# Try to open the thumbnail
thumb_img = Image.open(io.BytesIO(thumbnail))
thumb_img.load()
if exif and hasattr(exif, "get_thumbnail"):
thumbnail = exif.get_thumbnail()
if thumbnail:
thumb_img = Image.open(io.BytesIO(thumbnail))
thumb_img.load()
except Exception:
# Catch exceptions from thumbnail extraction
pass
except Exception:
# Catch all other exceptions
pass
def main():
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()
if __name__ == "__main__":
main()
```
## Features
This fuzz target specifically tests:
1. EXIF metadata extraction from images
2. Processing of EXIF tags and values
3. GPS information handling
4. Thumbnail extraction from EXIF data
## Integration
To integrate this fuzz target:
1. Save it as `fuzz_exif.py` in the `Tests/oss-fuzz/` directory
2. Update the `build.sh` script to include this target in the build process
3. Test locally to ensure it works correctly
4. Submit as part of a pull request to the Pillow repository
## Expected Benefits
- Increased coverage of EXIF metadata handling code
- Potential discovery of bugs in metadata parsing
- Better handling of malformed EXIF data
- Improved security for applications processing images with metadata