[
https://issues.apache.org/jira/browse/IMAGING-373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17821583#comment-17821583
]
Milan Nikl commented on IMAGING-373:
------------------------------------
Using [https://github.com/drewnoakes/metadata-extractor] to check given file's
metadata, I can see:
* [ICO] Image Size Bytes - 5960
* [ICO] Image Offset Bytes - 22
Using org.apache.commons.imaging.formats.ico.IcoImageParser#readIconInfo I can
see the same:
* imageSize = 5960
* imageOffset = 22
So it looks like the problem is in transition to bitmap in
_org.apache.commons.imaging.formats.ico.IcoImageParser#readBitmapIconData_
where:
* _colorsUsed = 247316463_ which leads to _bitmapPixelsOffset =
989265922_, while _bitmapSize = 5990_ and _restOfFile.length = 5920_
> OutOfMemory with invalid ICO input file
> ---------------------------------------
>
> Key: IMAGING-373
> URL: https://issues.apache.org/jira/browse/IMAGING-373
> Project: Commons Imaging
> Issue Type: Bug
> Components: Format: BMP, Format: ICO
> Affects Versions: 1.0-alpha3
> Reporter: Milan Nikl
> Priority: Major
> Attachments: epine.ico
>
>
> While trying to use _org.apache.commons.imaging.formats.ico.IcoImageParser_
> to read an icon file, I'm getting OutOfMemory Error. The file is corrupted,
> but that should not lead to an Error.
> Icon is downloaded from [https://epine.es/assets/icos/epine.ico] and
> hopefully attached to this issue.
> [^epine.ico]
>
> Trying to debug the problem, I found out that the cause is in misinterpreting
> some values in
> _org.apache.commons.imaging.formats.bmp.BmpImageParser#readBmpHeaderInfo(java.io.InputStream,
> org.apache.commons.imaging.FormatCompliance)_ method while trying to load
> data of the single image bitmap in given ico file.
> While _fileSize_ value is 5990, the _bitmapDataOffset_ value parsed is
> 989265922. At the same time _expectedDataOffset_ value is 70, which leads to
> _extraBytes_ value of 989265852.
> Then
> _org.apache.commons.imaging.common.BinaryFunctions#readBytes(java.lang.String,
> java.io.InputStream, int, java.lang.String)_ tries to allocate a byte array of
> size 989265852, which exhausts the available memory of the JVM.
> Maybe just a simple check of _extraBytes > bhi.fileSize_ could help?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
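
The following is an added example, not code from the issue or from Commons Imaging. It sketches the kind of check the report asks for: compute the header-derived offset in `long` arithmetic and compare the resulting read length with the bytes actually remaining before allocating anything. The class and method names are hypothetical, the palette formula is an assumption consistent with the numbers reported above (70 + 4 × 247316463 = 989265922), and `bitCount = 8` is a constructed value.

```java
import java.io.IOException;

public class IcoBoundsCheck {
    // Assumption: headers occupy 70 bytes, the expectedDataOffset value
    // reported in the issue.
    static final int EXPECTED_DATA_OFFSET = 70;

    // Pixel data offset = headers + 4 bytes per palette entry, computed as a
    // long so that 4 * colorsUsed cannot wrap around in int arithmetic.
    static long bitmapPixelsOffset(int colorsUsed, int bitCount) throws IOException {
        if (colorsUsed < 0 || bitCount < 0 || bitCount > 32) {
            throw new IOException("invalid header: colorsUsed=" + colorsUsed + ", bitCount=" + bitCount);
        }
        long paletteEntries = (colorsUsed == 0 && bitCount <= 8) ? (1L << bitCount) : colorsUsed;
        return EXPECTED_DATA_OFFSET + 4L * paletteEntries;
    }

    // Returns the number of extra bytes to read, or rejects the file when the
    // header claims more data than the input can still supply.
    static int checkedExtraBytes(long bitmapDataOffset, int available) throws IOException {
        long extraBytes = bitmapDataOffset - EXPECTED_DATA_OFFSET;
        if (extraBytes < 0 || extraBytes > available) {
            throw new IOException("bitmapDataOffset " + bitmapDataOffset
                    + " implies " + extraBytes + " extra bytes, but only "
                    + available + " bytes remain");
        }
        return (int) extraBytes; // safe: 0 <= extraBytes <= available
    }

    static String tryParse(int colorsUsed, int bitCount, int available) {
        try {
            long offset = bitmapPixelsOffset(colorsUsed, bitCount);
            byte[] extra = new byte[checkedExtraBytes(offset, available)];
            return "accepted: offset=" + offset + ", extraBytes=" + extra.length;
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // colorsUsed and restOfFile.length as reported for epine.ico.
        System.out.println(tryParse(247316463, 8, 5920));
        // Constructed well-formed case: 8-bit image using the default palette size.
        System.out.println(tryParse(0, 8, 5920));
    }
}
```

With the check in place the corrupted header is reported as an `IOException` instead of triggering a ~989 MB allocation.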