From 630487ffc5feda28aa62dc91eaeae8b0b7507851 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Wed, 19 Feb 2025 16:21:06 +0000
Subject: [PATCH] Regression test for
 https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7

(cherry picked from commit 9f8e1a57b6c6853947360d1187bc24d72056c97a)
---
 test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff  | Bin 0 -> 603 bytes
 .../github/test_issue_ghsa_38h4_fx85_qcx7.py  |  22 ++++++++++++++++++
 .../test_regression_allfiles.py               |   1 +
 tests/suite.conf                              |   1 +
 4 files changed, 24 insertions(+)
 create mode 100644 test/data/issue_ghsa_38h4_fx85_qcx7_poc.tiff
 create mode 100644 tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py

diff --git a/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py b/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
new file mode 100644
index 0000000000..07082caf62
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_ghsa_38h4_fx85_qcx7.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+
+from system_tests import CaseMeta, path
+
+
+class TiffSubIfd_use_after_free(metaclass=CaseMeta):
+    """
+    Regression test for the bug described in:
+    https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
+    """
+
+    url = "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7"
+
+    filename = path("$data_path/issue_ghsa_38h4_fx85_qcx7_poc.tiff")
+    commands = ["$exiv2 -q fi $filename"]
+    stdout = [""]
+    stderr = [
+        """Exiv2 exception in fixiso action for file $filename:
+$kerImageWriteFailed
+"""
+    ]
+    retval = [1]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index eb7f7cef2d..53e8de44ae 100644
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -120,6 +120,7 @@ def get_valid_files(data_dir):
         "issue_ghsa_mxw9_qx4c_6m8v_poc.jp2",
         "issue_ghsa_hrw9_ggg3_3r4r_poc.jpg",
         "issue_ghsa_g9xm_7538_mq8w_poc.mov",
+        "issue_ghsa_38h4_fx85_qcx7_poc.tiff",
         "pocIssue283.jpg",
         "poc_1522.jp2",
         "xmpsdk.xmp",
diff --git a/tests/suite.conf b/tests/suite.conf
index c2bf1741e8..249a97fa93 100644
--- a/tests/suite.conf
+++ b/tests/suite.conf
@@ -41,6 +41,7 @@ jpegparsetest: ${ENV:exiv2_path}/jpegparsetest
 kerOffsetOutOfRange: Offset out of range
 kerFailedToReadImageData: Failed to read image data
 kerInputDataReadFailed: Failed to read input data
+kerImageWriteFailed: Failed to write image
 kerCorruptedMetadata: corrupted image metadata
 kerInvalidMalloc: invalid memory allocation request
 kerInvalidTypeValue: invalid type in tiff structure