Bug Database
Bug ID: 6782079
Votes 0
Synopsis PNG: reading metadata may cause OOM on truncated images.
Category java:imageio
Reported Against
Release Fixed 7(b54)
State 10-Fix Delivered, bug
Priority: 3-Medium
Related Bugs
Submit Date 08-DEC-2008
Description
The loop that reads null terminated strings just looks for 0 being
returned from ImageInputStream.read(). This ignores the possible value
of -1 which would indicate an end of stream. Because of this, truncated
PNG files could lead to long execution time (while the loop iterates at
the end of the stream) followed by an OutOfMemoryError (when enough -1
values have been "read" and buffered).

A test demonstrating this problem is attached.
Posted Date : 2008-12-08 12:14:56.0
Work Around
N/A
Evaluation
This fix can be divided in two parts:

 1. Potential OOM due to infinite reading of truncated PNG images.
    Although the submitter claimed this as a new regression, the same
    problem is present in the original method readNullTerminatedString()
    (PNGImageReader.java, lines 221 - 229).
    To resolve this problem, checks for EOF and max allowable length
    were added to readNullTerminatedString().
    The duplicate of this function which handles the default charset was
    removed: now we just specify the ISO-8859-1 charset for non-utf
    strings.
    There was yet another attribute without a specified maximum length:
    translated keyword. Now we assume that the translated keyword is no
    longer than the rest of the data in the chunk.

 2. As a part of the original fix for 6541476, some generic usage was
    introduced, and this fix converts all collections used in the
    png plugin to generics.
Posted Date : 2009-01-13 16:00:40.0
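
The read pattern from the Description next to a bounded form with the EOF and maximum-length checks the Evaluation describes. This is an added example, not the JDK's PNGImageReader source; the class, the method names readUnbounded/readBounded, the limit of 80 and the sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import javax.imageio.stream.ImageInputStream;
import javax.imageio.stream.MemoryCacheImageInputStream;

public class NullTerminatedRead {
    // Unbounded pattern from the Description: only 0 ends the loop, so the -1
    // that read() returns at end of stream is buffered (as 0xFF) until the
    // heap is exhausted. Shown for comparison only; main() does not call it.
    static String readUnbounded(ImageInputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int b;
        while ((b = in.read()) != 0) {
            buf.write(b);
        }
        return buf.toString("ISO-8859-1");
    }

    // Bounded form: stops at the terminator, fails on EOF, and never consumes
    // more than maxLen bytes (for PNG, at most the bytes left in the chunk).
    static String readBounded(ImageInputStream in, String charset, int maxLen)
            throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int b, count = 0;
        while (count++ < maxLen && (b = in.read()) != 0) {
            if (b == -1) throw new EOFException("stream ended before terminator");
            buf.write(b);
        }
        return buf.toString(charset);
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a keyword with and without its 0 terminator.
        byte[] complete = {'T', 'i', 't', 'l', 'e', 0, 'x'};
        byte[] truncated = {'T', 'i', 't', 'l', 'e'};
        System.out.println(readBounded(stream(complete), "ISO-8859-1", 80));
        try {
            readBounded(stream(truncated), "ISO-8859-1", 80);
        } catch (EOFException e) {
            System.out.println("truncated input rejected: " + e.getMessage());
        }
    }

    static ImageInputStream stream(byte[] data) {
        return new MemoryCacheImageInputStream(new ByteArrayInputStream(data));
    }
}
```

The length bound matters independently of the EOF check: a stream that never ends and never contains a 0 byte would otherwise still grow the buffer without limit.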