packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjdk-1.8.0/8190332.patch

163 lines
6.5 KiB
Diff
Raw Blame History

From 90676612ff2c10688f555604908267a4528f8c9f Mon Sep 17 00:00:00 2001
Date: Fri, 22 Jan 2021 15:29:22 +0800
Subject: 8190332: PngReader throws
NegativeArraySizeException/OOM error when IHDR width is very large
Summary: <imageio>: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
LLT:
Bug url: https://bugs.openjdk.java.net/browse/JDK-8190332
---
.../imageio/plugins/png/PNGImageReader.java | 27 ++++--
.../png/PngLargeIHDRDimensionTest.java | 86 +++++++++++++++++++
2 files changed, 106 insertions(+), 7 deletions(-)
create mode 100644 test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java
diff --git a/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java b/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java
index 7da36e14b..02a11d45f 100644
--- a/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java
+++ b/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1305,14 +1305,18 @@ public class PNGImageReader extends ImageReader {
this.pixelStream = new DataInputStream(is);
/*
- * NB: the PNG spec declares that valid range for width
+ * PNG spec declares that valid range for width
* and height is [1, 2^31-1], so here we may fail to allocate
* a buffer for destination image due to memory limitation.
*
- * However, the recovery strategy for this case should be
- * defined on the level of application, so we will not
- * try to estimate the required amount of the memory and/or
- * handle OOM in any way.
+ * If the read operation triggers OutOfMemoryError, the same
+ * will be wrapped in an IIOException at PNGImageReader.read
+ * method.
+ *
+ * The recovery strategy for this case should be defined at
+ * the level of application, so we will not try to estimate
+ * the required amount of the memory and/or handle OOM in
+ * any way.
*/
theImage = getDestination(param,
getImageTypes(0),
@@ -1611,7 +1615,16 @@ public class PNGImageReader extends ImageReader {
throw new IndexOutOfBoundsException("imageIndex != 0!");
}
- readImage(param);
+ try {
+ readImage(param);
+ } catch (IOException |
+ IllegalStateException |
+ IllegalArgumentException e)
+ {
+ throw e;
+ } catch (Throwable e) {
+ throw new IIOException("Caught exception during read: ", e);
+ }
return theImage;
}
diff --git a/test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java b/test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java
new file mode 100644
index 000000000..118a41f04
--- /dev/null
+++ b/test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8190332
+ * @summary Test verifies whether PNGImageReader throws IIOException
+ * or not when IHDR width value is very high.
+ * @run main PngLargeIHDRDimensionTest
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Base64;
+import javax.imageio.IIOException;
+import javax.imageio.ImageIO;
+
+public class PngLargeIHDRDimensionTest {
+
+ /*
+ * IHDR width is very large and when we try to create buffer to store
+ * image information of each row it overflows and we get
+ * NegativeArraySizeException without the fix for this bug.
+ */
+ private static String negativeArraySizeExceptionInput = "iVBORw0KGgoAAAANS"
+ + "UhEUg////0AAAABEAIAAAA6fptVAAAACklEQVQYV2P4DwABAQEAWk1v8QAAAAB"
+ + "JRU5ErkJgggo=";
+
+ /*
+ * IHDR width is ((2 to the power of 31) - 2), which is the maximum VM
+ * limit to create an array we get OutOfMemoryError without the fix
+ * for this bug.
+ */
+ private static String outOfMemoryErrorInput = "iVBORw0KGgoAAAANSUhEUgAAAAF/"
+ + "///+CAAAAAA6fptVAAAACklEQVQYV2P4DwABAQEAWk1v8QAAAABJRU5"
+ + "ErkJgggo=";
+
+ private static InputStream input;
+ private static Boolean firstTestFailed = true, secondTestFailed = true;
+ public static void main(String[] args) throws java.io.IOException {
+ byte[] inputBytes = Base64.getDecoder().
+ decode(negativeArraySizeExceptionInput);
+ input = new ByteArrayInputStream(inputBytes);
+
+ try {
+ ImageIO.read(input);
+ } catch (IIOException e) {
+ firstTestFailed = false;
+ }
+
+ inputBytes = Base64.getDecoder().decode(outOfMemoryErrorInput);
+ input = new ByteArrayInputStream(inputBytes);
+
+ try {
+ ImageIO.read(input);
+ } catch (IIOException e) {
+ secondTestFailed = false;
+ }
+
+ if (firstTestFailed || secondTestFailed) {
+ throw new RuntimeException("Test doesn't throw required"
+ + " IIOException");
+ }
+ }
+}
+
--
2.19.0
Reference in New Issue View Git Blame Copy Permalink