Bug ID: 6782079 PNG: reading metadata may cause OOM on truncated images.

6782079 : PNG: reading metadata may cause OOM on truncated images.

Details

Type:	Bug	Submit Date:	2008-12-08
Status:	Closed	Updated Date:	2011-03-07
Project Name:	JDK	Resolved Date:	2011-03-07
Component:	client-libs	OS:	generic
Sub-Component:	javax.imageio	CPU:	generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	7
Fixed Versions:	7

Related Reports

Backport:

JDK-2204912 - PNG: reading metadata may cause OOM on truncated images.

Sub Tasks

Description

The loop that reads null terminated strings just looks for 0 being
returned from ImageInputStream.read(). This ignores the possible value
of -1 which would indicate an end of stream. Because of this, truncated
PNG files could lead to long execution time (while the loop iterates at
the end of the stream) followed by an OutOfMemoryError (when enough -1
values have ben "read" and buffered).

Test demonstrates this problem is attached.

Comments

SUGGESTED FIX

http://sa.sfbay.sun.com/projects/java2d_data/7/6782079.1

2009-01-13

EVALUATION

This fix can be divided in two parts:

 1. Potential OOM due to infinite reading of truncated png images.
     Although submitter claimed this as a new regression, the same
     problem is present in original method readNullTerminatedString()
    (PNGImageReader.java, lines 221 - 229).
    To resolve this problem check for EOF and max allowable length
     were added to the readNullTerminatedString(). 
     The duplicate of this fiction which handles default charset was
     removed: now we just specify the ISO-8859-1 charset for non-utf
     strings.
    There was yet another attribute without specified maximum length:
     translated keyword. Now we assume that translated keyword is no
     longer that rest of data in the chunk.

 2. As a part of original fix for 6541476, some generic usage was
    introduced, and this fix converts all collections used in the
    png plugin to generics.

2009-01-13

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together