c2patool
c2pa tool version 0.6.2 failed to validate jpg file with APP marker segment with length = 2 (i.e. 0 data segment)
running latest c2patool (0.6.2) on this jpg image
D:\test\c2patool\0.6.2\c2patool\c2patool.exe -d ProvenanceOutput-Markers.jpg
failed with
{
  "code": "assertion.dataHash.mismatch",
  "url": "self#jumbf=/c2pa/contoso:urn:uuid:FA0E000D-FA0E-000D-FA0E-000DFA0E000D/c2pa.assertions/c2pa.hash.boxes",
  "explanation": "asset hash error: hash verification( Box hash name not found )"
}
This image is attached.
Note that this is okay with 0.6.0.
Debugged into this a bit, it seems that the latest c2patool integrated jfifdump library (commit 9023ce53a52ee4bccd62c8f634b27c95b6257cbb in c2pa-rs on Oct 4).
The library will error out when the length of a marker is '2' (i.e. the corresponding data segment is of length 0); see the code here:
https://github.com/vstroebel/jfifdump/blob/main/jfifdump/src/reader.rs line 64
fn read_length(&mut self) -> Result<usize, JfifError> {
    let length = self.read_u16()? as usize;
    if length <= 2 {
        return Err(JfifError::InvalidMarkerLength(length));
    }
    Ok(length - 2)
}
But from JPEG spec, length = 2 is legal for APPn box (see B.2.4.6 of ISO+IEC+10918-1-1994.pdf), so it seems that jfifdump should be modified to use
if length < 2 { ...
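The length check discussed in the issue above, shown in a small stand-alone segment walker. This is an added example, not code from jfifdump, c2pa-rs or the issue author; the `SegError` type, the `reject_empty` switch and the sample bytes are constructed for illustration.

```rust
// Added example: minimal JPEG marker-segment walker. Not jfifdump or c2pa-rs code.
#[derive(Debug, PartialEq)]
enum SegError { Truncated, BadMarker(usize), BadLength(u16) }

// Constructed sample: SOI, APP1 with length 2 (empty payload),
// APP0 with length 4 (2 payload bytes), EOI.
const SAMPLE: [u8; 14] = [
    0xFF, 0xD8, 0xFF, 0xE1, 0x00, 0x02,
    0xFF, 0xE0, 0x00, 0x04, 0x41, 0x42, 0xFF, 0xD9,
];

/// Payload size for a length field. The field counts its own two bytes, so
/// 2 means "no payload". `reject_empty` (hypothetical switch) reproduces the
/// `length <= 2` check quoted in the issue.
fn payload_len(field: u16, reject_empty: bool) -> Result<usize, SegError> {
    if field < 2 || (reject_empty && field == 2) {
        return Err(SegError::BadLength(field));
    }
    Ok(field as usize - 2)
}

/// Walks segments after SOI until EOI or SOS; returns (marker, payload length).
fn walk_segments(data: &[u8], reject_empty: bool) -> Result<Vec<(u8, usize)>, SegError> {
    if !data.starts_with(&[0xFF, 0xD8]) { return Err(SegError::BadMarker(0)); }
    let (mut out, mut pos) = (Vec::new(), 2usize);
    loop {
        let hdr = data.get(pos..pos + 2).ok_or(SegError::Truncated)?;
        if hdr[0] != 0xFF { return Err(SegError::BadMarker(pos)); }
        let marker = hdr[1];
        match marker {
            0xFF => { pos += 1; continue; } // fill byte before a marker
            0xD9 => return Ok(out),         // EOI
            0x01 | 0xD0..=0xD7 => { out.push((marker, 0)); pos += 2; continue; } // no length field
            _ => {}
        }
        let len = data.get(pos + 2..pos + 4).ok_or(SegError::Truncated)?;
        let n = payload_len(u16::from_be_bytes([len[0], len[1]]), reject_empty)?;
        let end = pos + 4 + n;
        if end > data.len() { return Err(SegError::Truncated); } // length points past the file
        out.push((marker, n));
        if marker == 0xDA { return Ok(out); } // SOS: entropy-coded data follows
        pos = end;
    }
}

fn main() {
    println!("spec-conformant: {:?}", walk_segments(&SAMPLE, false));
    println!("length <= 2 rejected: {:?}", walk_segments(&SAMPLE, true));
}
```

With the `length <= 2` behaviour the walk stops at the empty APP1 segment, so later segments are never enumerated; that is consistent with the box-hash lookup failure reported above.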
Very easy to replicate. You are correct that it fails to validate.
We've opened up the following issue in the jfifdump repo: https://github.com/vstroebel/jfifdump/issues/6. Will look into opening a PR if that issue fails to get traction.
Issue is fixed in latest c2pa-rs main branch. I will update this issue when we recreate a new c2patool release.
Fixed 0.9.6