fix: Fix UB in exif parsing of corrupt data (AcademySoftwareFoundation#5113)

Corrupted exif data could put a value in a "tiff data type" field that
is not one of the valid enum values. That's UB. Identified by running
the sanitizer with a newer clang than we usually do.

---------

Signed-off-by: Larry Gritz <lg@larrygritz.com>
Signed-off-by: Vlad (Kuzmin) Erium <libalias@gmail.com>

Author: lgritz

src/include/OpenImageIO/tiffutils.h

@@ -159,9 +159,7 @@ OIIO_NAMESPACE_3_1_BEGIN
 /// obvious equivalent.
 OIIO_API TypeDesc tiff_datatype_to_typedesc (TIFFDataType tifftype, size_t tiffcount=1);
 
-inline TypeDesc tiff_datatype_to_typedesc (const TIFFDirEntry& dir) {
-    return tiff_datatype_to_typedesc (TIFFDataType(dir.tdir_type), dir.tdir_count);
-}
+OIIO_API TypeDesc tiff_datatype_to_typedesc (const TIFFDirEntry& dir);
 
 /// Return the data size (in bytes) of the TIFF type.
 OIIO_API size_t tiff_data_size (TIFFDataType tifftype);

src/libOpenImageIO/exif.cpp

@@ -178,6 +178,22 @@ tiff_data_size(const TIFFDirEntry& dir)
 
 
 
+TypeDesc
+tiff_datatype_to_typedesc(const TIFFDirEntry& dir)
+{
+    // Check for corrupt/invalid value
+#if defined(TIFF_VERSION_BIG)
+    if (dir.tdir_type > TIFF_IFD8)
+#else
+    if (dir.tdir_type > TIFF_IFD)
+#endif
+        return TypeUnknown;
+    return tiff_datatype_to_typedesc(TIFFDataType(dir.tdir_type),
+                                     dir.tdir_count);
+}
+
+
+
 TypeDesc
 tiff_datatype_to_typedesc(TIFFDataType tifftype, size_t tiffcount)
 {
@@ -208,6 +224,7 @@ tiff_datatype_to_typedesc(TIFFDataType tifftype, size_t tiffcount)
     case TIFF_SLONG8: return TypeDesc(TypeDesc::INT64, tiffcount);
     case TIFF_IFD8: return TypeUnknown;
 #endif
+    default: break;
     }
     return TypeUnknown;
 }