c2patool segfaults on altered manifest #1578

@hackerfactor

Tested with c2patool 0.25.0 and 0.26.0. (0.26.0 came out today).
This was reported in bug #1554 and closed as fixed. It is not fixed.

Test images:
https://fotoforensics.com/analysis.php?id=f91824101020c0385029b648fb88521c00a32fe9.3245072&fmt=orig
https://fotoforensics.com/analysis.php?id=3b6a55db072618c132f81d70cea3bdd59084699a.3245072&fmt=orig

With both tests: The picture contains an active manifest and one dependency. I altered the manifest UUID to be the same as the dependency.
In the first picture, I made the active manifest look like the dependency.
In the second picture, I made the dependency look like the active manifest.
Both cause core dumps.

$ c2patool-0.26.0 ./uuidtest/test-duplicate1.jpg
Segmentation fault (core dumped)

c2patool 0.11.1 says "Error: claim could not be converted from CBOR"
c2patool 0.13.0 - 0.14.0 works. "assertion.required.missing" but the manifest is valid.
c2patool 0.16.4 says "Error: claim missing: label = urn:c2pa:76408e7a-49e6-6cff-7084-4768507ccbed"
c2patool 0.16.5 - 0.18.0 hangs indefinitely. (infinite loop?)
c2patool 0.19.0 - 0.26.0 segfaults.

Please do not close this bug until after the pushed code on github actually fixes the problem.
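
An added triage harness, not part of the original report or the c2pa project's code: it runs a list of tool builds against one file under a time limit and tells a clean error exit apart from the hang and segfault outcomes listed above. It assumes GNU coreutils `timeout` and that each build is installed under a name like the report's `c2patool-0.26.0`; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: regression triage for parser crashes and hangs.
# Assumes GNU coreutils `timeout`. Function names are hypothetical.

# Map an exit status to a verdict. 124 is what `timeout` returns when the
# limit expires; 128+N means the process was killed by signal N.
classify_status() {
    local status=$1
    case "$status" in
        0)   echo "ok" ;;
        124) echo "hang" ;;
        134) echo "abort" ;;            # 128 + SIGABRT (6)
        139) echo "segfault" ;;         # 128 + SIGSEGV (11)
        *)   if [ "$status" -gt 128 ]; then
                 echo "signal-$((status - 128))"
             else
                 echo "error-exit"      # tool rejected the file and exited
             fi ;;
    esac
}

# Run one command under a time limit and print its verdict.
# usage: run_case SECONDS command [args...]
run_case() {
    local limit=$1 status=0
    shift
    # `|| status=$?` keeps the harness alive under `set -e`.
    timeout "$limit" "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Run each listed build against one file; print "tool verdict" per line.
# usage: run_matrix FILE SECONDS tool [tool...]
run_matrix() {
    local file=$1 limit=$2 tool
    shift 2
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool not-installed"
            continue
        fi
        echo "$tool $(run_case "$limit" "$tool" "$file")"
    done
}

# Example call (build names other than c2patool-0.26.0 are assumed):
# run_matrix ./uuidtest/test-duplicate1.jpg 10 c2patool-0.18.0 c2patool-0.26.0
```

A fix can be considered verified when every build under test reports `ok` or `error-exit` for both test images, with no `hang` or `segfault` verdicts.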
