Dude and double dude! Excellent work :OD To stop the errors we started looking in files for certain strings to indicate the image would crap out CF.
Will let you know how we get on when we upgrade. Adrian > -----Original Message----- > From: Mark Kruger [mailto:[email protected]] > Sent: 09 June 2009 22:49 > To: cf-talk > Subject: RE: Image killing server (RESOLVED) > > > Adrian, > > I have an explanation and a resolution for you. The problem is a buffer > overrun in the ICC parser (a bit of color correction meta data that > ships > with the image). > > To resolve it I upgraded my JVM from 1.6.0_04 to 1.6.0_14 ... But _05 > or > above would do the trick I think. > > I'll write a blog on it and give a more thorough explanation - but > meanwhile, I found my best clues by looking not for ColdFusion related > image > issues, but javax.imagaio related image issues. I found this post: > > http://www.securiteam.com/securitynews/5SP0E1PNQA.htm > > Which lead me more closely examine the update (build) number of my JVM > install. > > I hope this helps you! > > -Mark > > Mark A. Kruger, CFG, MCSE > (402) 408-3733 ext 105 > www.cfwebtools.com > www.coldfusionmuse.com > www.necfug.com > > -----Original Message----- > From: Adrian Lynch [mailto:[email protected]] > Sent: Tuesday, June 09, 2009 10:49 AM > To: cf-talk > Subject: RE: Image killing server > > > Thanks Mark. You're right, I'm beginning to think I shouldn't have > posted it > on here now. I've submitted a bug report to Adobe. > > When I open it in GIMP I get told "The image 'killer.jpg' has an > embedded > colour profile: eciRGB v2 ICCv4". > > cftry/cfcatch doesn't help so the only way I can think of to spot this > prior > to using ImageRead() etc. is to read the file in with cffile and look > for > "eciRGB v2 ICCv4". But who's to say that will cover all the bases? > > Adrian > > > -----Original Message----- > > From: Mark Kruger [mailto:[email protected]] > > Sent: 09 June 2009 16:32 > > To: cf-talk > > Subject: RE: Image killing server > > > > > > Follow up: > > > > I can verify the image is able to be previewed and edited using > > fireworks. I can't see anything unusual about it. > > > > I have to say if it's a something that is reproducible, it's going to > > be an attack vector. I can think of 3 or 4 servers I manage that need > > a fix for this pretty quickly if it becomes common knowledge. > > > > -Mark > > > > > > Mark A. Kruger, CFG, MCSE > > (402) 408-3733 ext 105 > > www.cfwebtools.com > > www.coldfusionmuse.com > > www.necfug.com > > > > -----Original Message----- > > From: Mark Kruger [mailto:[email protected]] > > Sent: Tuesday, June 09, 2009 10:27 AM > > To: cf-talk > > Subject: RE: Image killing server > > > > > > Adrian, > > > > I verified your results on an 8.01 dev server running on my local XP > > box. > > Sure enough the service restarts. > > > > -Mark > > > > > > Mark A. Kruger, CFG, MCSE > > (402) 408-3733 ext 105 > > www.cfwebtools.com > > www.coldfusionmuse.com > > www.necfug.com > > > > -----Original Message----- > > From: Adrian Lynch [mailto:[email protected]] > > Sent: Tuesday, June 09, 2009 9:43 AM > > To: cf-talk > > Subject: Image killing server > > > > > > Hey all, got a bit of a strange one here. A user is uploading an > image > > which GIMP is reporting to have an embedded colour profile of "". > > > > When I use any of the image functions on this image, CF dies. > > > > I posted a while ago but because it was only one user we converted it > > manually and re-uploaded, now we're getting more of them. > > > > Could I ask for a sanity check by someone confirming that this image > > is killing their server too? > > > > http://www.halestorm.co.uk/images/killer.jpg > > > > Download it, create a .cfm page and do > > ImageRead(ExpandPath("./killer.jpg")) > > > > I get a blank page back then on refresh a message saying CF is > > starting up. > > > > I'm on the bug report page at the moment but I thought I would get > > someone else to test this also. > > > > Thanks. > > > > Adrian Lynch | www.halestorm.co.uk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323329 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
