[
https://issues.apache.org/jira/browse/IMAGING-325?focusedWorklogId=713258&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-713258
]
ASF GitHub Bot logged work on IMAGING-325:
------------------------------------------
Author: ASF GitHub Bot
Created on: 22/Jan/22 21:53
Start Date: 22/Jan/22 21:53
Worklog Time Spent: 10m
Work Description: kinow commented on a change in pull request #196:
URL: https://github.com/apache/commons-imaging/pull/196#discussion_r790188690
##########
File path: src/main/java/org/apache/commons/imaging/formats/bmp/BmpImageParser.java
##########
@@ -385,6 +385,10 @@ private BmpImageContents readImageContents(final
InputStream is,
+ bhi.compression);
}
+ if (paletteLength < 0) {
+ throw new ImageReadException("Invalid negative palette length: " +
paletteLength);
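Review bot: the `if (paletteLength < 0)` guard only catches an overflow whose wrapped product lands in the negative range; a product of two large `int` operands can wrap back around to zero or a small positive value, which this check lets through. Checking the operands before the multiplication (a NUM00-J style precondition, or `Math.multiplyExact`) is the robust form, and since the issue is about preventing OOM, a positive `paletteLength` should also be bounded against the data actually available before any buffer is sized from it.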
Review comment:
Maybe we can write some helper functions to identify when an overflow
will occur? Similar to these ones:
https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow
Adding a TODO to replace by
[multiplyExact](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Math.html#multiplyExact(int,int))
when we move to Java 11?
If that looks good, I'd prefer to fix this issue as-is, and create a
separate issue for this (with a mention to this PR), since there are lots of
other places that would use these functions. WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 713258)
Time Spent: 1h 10m (was: 1h)
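As an added example (not Commons Imaging code and not part of the PR), here is the negative-result check beside a NUM00-J style precondition helper and the `Math.multiplyExact` the review mentions; the class, method names and header values are hypothetical.

```java
// Added example, not Commons Imaging code; names and values are hypothetical.
public final class PaletteLengthCheck {
    /** Stand-in for the parser's exception type. */
    static final class ImageReadException extends Exception {
        ImageReadException(String msg) { super(msg); }
    }
    /** NUM00-J precondition test: true when a * b fits in an int. */
    static boolean multiplyFits(int a, int b) {
        long product = (long) a * (long) b;
        return product >= Integer.MIN_VALUE && product <= Integer.MAX_VALUE;
    }
    /** Style of the PR: multiply first, then reject a negative result. */
    static int paletteLengthNegativeCheck(int colors, int bytesPerEntry) throws ImageReadException {
        int paletteLength = colors * bytesPerEntry; // may wrap silently
        if (paletteLength < 0) {
            throw new ImageReadException("Invalid negative palette length: " + paletteLength);
        }
        return paletteLength;
    }
    /** Helper style: refuse before the product can wrap, then cap by available bytes. */
    static int paletteLengthSafe(int colors, int bytesPerEntry, long bytesAvailable) throws ImageReadException {
        if (colors < 0 || bytesPerEntry < 0 || !multiplyFits(colors, bytesPerEntry)) {
            throw new ImageReadException("Palette size overflows int: " + colors + " * " + bytesPerEntry);
        }
        int paletteLength = colors * bytesPerEntry;
        if (paletteLength > bytesAvailable) {
            throw new ImageReadException("Palette length " + paletteLength
                    + " exceeds remaining data " + bytesAvailable);
        }
        return paletteLength;
    }
    public static void main(String[] args) {
        // Constructed header values: 0x40000000 colours * 4 bytes is 2^32, which wraps to 0.
        int colors = 0x40000000, bytesPerEntry = 4;
        try {
            System.out.println("negative check let through: " + paletteLengthNegativeCheck(colors, bytesPerEntry));
        } catch (ImageReadException e) { System.out.println(e.getMessage()); }
        try {
            paletteLengthSafe(colors, bytesPerEntry, 1024);
        } catch (ImageReadException e) { System.out.println(e.getMessage()); }
        // Math.multiplyExact (Java 8+) is the JDK form of the same precondition.
        try { Math.multiplyExact(colors, bytesPerEntry); }
        catch (ArithmeticException e) { System.out.println("multiplyExact: " + e.getMessage()); }
    }
}
```

The first call returns 0 because the wrapped product is not negative, while both the precondition helper and `multiplyExact` reject the same operands.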
> Prevent possible OOM error in BmpImageParser
> --------------------------------------------
>
> Key: IMAGING-325
> URL: https://issues.apache.org/jira/browse/IMAGING-325
> Project: Commons Imaging
> Issue Type: Improvement
> Components: Format: BMP
> Reporter: Bruno P. Kinoshita
> Assignee: Bruno P. Kinoshita
> Priority: Major
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)