slice bounds out of range with some exif data

[willnorris]

I haven't had a chance to dig into this yet, but proxying https://willnorris.com/2014/01/wordpress-social-menus-rel-me/rel-me-shirt.jpg causes imageproxy to panic with:

net/http.(*conn).serve.func1(0xc000266dc0)
        /opt/go/src/net/http/server.go:1769 +0x139
panic(0xd20f40, 0x169d9c0)
        /opt/go/src/runtime/panic.go:522 +0x1b5
github.com/rwcarlsen/goexif/exif.(*readerToReaderAt).ReadAt(0xc000362900, 0xc00052e2a0, 0x2, 0x4, 0x192a4, 0xcb8280, 0x1, 0xc00052e2a0)            
        /home/willnorris/go/pkg/mod/github.com/rwcarlsen/[email protected]/exif/readerAt.go:27 +0x301                      
github.com/rwcarlsen/goexif/exif.(*offsetReaderAt).ReadAt(0xc0004b43e0, 0xc00052e2a0, 0x2, 0x4, 0x19286, 0xc00030a000, 0x0, 0x0)                   
        /home/willnorris/go/pkg/mod/github.com/rwcarlsen/[email protected]/exif/exif.go:147 +0x5f                          
github.com/rwcarlsen/goexif/tiff.DecodeDir(0xfe60c0, 0xc0004b43e0, 0x1001b60, 0x16d1250, 0x19286, 0xc000010040, 0x0, 0x1, 0x0)                     
        /home/willnorris/go/pkg/mod/github.com/rwcarlsen/[email protected]/tiff/tiff.go:150 +0xb8                          
github.com/rwcarlsen/goexif/tiff.LazyDecode(0xfe60c0, 0xc0004b43e0, 0xc000362900, 0x10a0000001e, 0x0)                                              
        /home/willnorris/go/pkg/mod/github.com/rwcarlsen/[email protected]/tiff/tiff.go:97 +0x31d                          
github.com/rwcarlsen/goexif/exif.LazyDecode(0xfe6100, 0xc000362900, 0x10, 0x18, 0xc0004b43c0)                                                      
        /home/willnorris/go/pkg/mod/github.com/rwcarlsen/[email protected]/exif/exif.go:289 +0x4f2                         
github.com/rwcarlsen/goexif/exif.Decode(0xfe6a20, 0xc0004b43c0, 0x20, 0xd67fc0, 0xfc695f)                                                          
        /home/willnorris/go/pkg/mod/github.com/rwcarlsen/[email protected]/exif/exif.go:222 +0x6e                          
willnorris.com/go/imageproxy.exifOrientation(0xfe6a20, 0xc0004b43c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)                                  
        /home/willnorris/projects/imageproxy/transform.go:231 +0x54
willnorris.com/go/imageproxy.Transform(0xc00092c000, 0x7c3e, 0xfe00, 0x4069000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)                        
        /home/willnorris/projects/imageproxy/transform.go:65 +0x1f7
willnorris.com/go/imageproxy.(*TransformingTransport).RoundTrip(0xc00000f7e0, 0xc000258400, 0x0, 0x0, 0x0)                                         
        /home/willnorris/projects/imageproxy/imageproxy.go:438 +0x366
github.com/gregjones/httpcache.(*Transport).RoundTrip(0xc0002e0f60, 0xc000258400, 0xc0002e0f60, 0x0, 0x0)                                          
        /home/willnorris/go/pkg/mod/github.com/gregjones/[email protected]/httpcache.go:214 +0x792                      
net/http.send(0xc000258400, 0xfe6020, 0xc0002e0f60, 0x0, 0x0, 0x0, 0xc000010228, 0xc0000bb7a8, 0x1, 0x0)                                           
        /opt/go/src/net/http/client.go:250 +0x461
net/http.(*Client).send(0xc0002e0f30, 0xc000258400, 0x0, 0x0, 0x0, 0xc000010228, 0x0, 0x1, 0xc000034a80)                                           
        /opt/go/src/net/http/client.go:174 +0xfb
net/http.(*Client).do(0xc0002e0f30, 0xc000258400, 0x0, 0x0, 0x0)
        /opt/go/src/net/http/client.go:641 +0x279
net/http.(*Client).Do(...)
        /opt/go/src/net/http/client.go:509
willnorris.com/go/imageproxy.(*Proxy).serveImage(0xc0002ea410, 0xff8220, 0xc000310000, 0xc000258200)                                               
        /home/willnorris/projects/imageproxy/imageproxy.go:168 +0x3a9
net/http.HandlerFunc.ServeHTTP(0xc0001b1910, 0xff8220, 0xc000310000, 0xc000258200)                                                                 
        /opt/go/src/net/http/server.go:1995 +0x44
willnorris.com/go/imageproxy.(*Proxy).ServeHTTP(0xc0002ea410, 0xff8220, 0xc000310000, 0xc000258200)                                                
        /home/willnorris/projects/imageproxy/imageproxy.go:139 +0x19e
net/http.serverHandler.ServeHTTP(0xc0002ea4e0, 0xff8220, 0xc000310000, 0xc000258200)                                                               
        /opt/go/src/net/http/server.go:2774 +0xa8
net/http.(*conn).serve(0xc000266dc0, 0xffb6a0, 0xc00007ba00)
        /opt/go/src/net/http/server.go:1878 +0x851
created by net/http.(*Server).Serve
        /opt/go/src/net/http/server.go:2884 +0x2f4

[Marcuzz]

Thought I'd mention that we also are experiencing the same problem, although I'm having trouble identifying which images in particular as we have hundreds of images being served.

[willnorris]

I can't seem to reproduce this anymore with the above image I mentioned. I haven't tried a git bisect yet to see when this started working. But if you have a reliable reproduction case that still exhibits this error on the latest imageproxy version, I'd be very interested in that so I can dig into this a bit more.

[Marcuzz]

It took me a while to find an image that reproduces this problem on the latest version consistently, but I've found one.

Here's an example of a URL that will throw a 502: Bad Gateway with this image, as well as return that exact error in the terminal.

https://cdn.dipr.no/420x280,sc,jpeg/image/b6ec75f8-325a-4414-9854-4ab6dda81e4e.jpeg

It happens whenever you try to pass any transformation to it consistently. If you pass no transformations like so then the image will actually display properly:

https://cdn.dipr.no/_/image/b6ec75f8-325a-4414-9854-4ab6dda81e4e.jpeg

(we have up-scaling enabled - and will get around to using signatures once this problem is solved to avoid getting crashed by being up-scaled into the millions)

I hope you're able to reproduce it with the same image as well.