[
https://issues.apache.org/jira/browse/IMAGING-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834510#comment-17834510
]
Bruno P. Kinoshita edited comment on IMAGING-332 at 4/6/24 9:17 AM:
--------------------------------------------------------------------
This seems to be fixed in 1.0.0-alpha4, just released (cc [~ggregory] ). I will
update the changes.xml.
{noformat}
kinow@ranma:~/Development/java/apache/commons-imaging$ git tag --contains
0209ed7a8947d7833480f1b8ebd5d9dfd36c4480
commons-imaging-1.0.0-M1-RC1
commons-imaging-1.0.0-alpha4-RC1
rel/commons-imaging-1.0.0-alpha4
kinow@ranma:~/Development/java/apache/commons-imaging$ git log --oneline
0209ed7a8947d7833480f1b8ebd5d9dfd36c4480 | head -n 3
0209ed7a Refactor for arrays
d0fa70d1 More allocation checking
bb37ffe6 Test getImageSize{noformat}
And trying this code:
{noformat}
package org.apache.commons.imaging.bytesource;
import org.apache.commons.imaging.Imaging;
public class Tests {
public static void main(String[] args) throws Exception {
byte[] input =
java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY");
Imaging.getAllBufferedImages(input);
System.out.println("OK!");
}
}{noformat}
Results in
{noformat}
Exception in thread "main"
org.apache.commons.imaging.common.AllocationRequestException: Allocation limit
1,073,741,824 exceeded: 1,962,934,272
at org.apache.commons.imaging.common.Allocator.check(Allocator.java:131)
at
org.apache.commons.imaging.common.BinaryFunctions.readBytes(BinaryFunctions.java:253)
at
org.apache.commons.imaging.formats.png.PngImageParser.readChunks(PngImageParser.java:631)
at
org.apache.commons.imaging.formats.png.PngImageParser.readChunks(PngImageParser.java:609)
at
org.apache.commons.imaging.formats.png.PngImageParser.getBufferedImage(PngImageParser.java:150)
at
org.apache.commons.imaging.formats.png.PngImageParser.getBufferedImage(PngImageParser.java:68)
at
org.apache.commons.imaging.AbstractImageParser.getAllBufferedImages(AbstractImageParser.java:259)
at org.apache.commons.imaging.Imaging.getAllBufferedImages(Imaging.java:162)
at org.apache.commons.imaging.Imaging.getAllBufferedImages(Imaging.java:157)
at org.apache.commons.imaging.bytesource.Tests.main(Tests.java:8)Process
finished with exit code 1 {noformat}
was (Author: kinow):
This seems to be fixed in 1.0.0-alpha4, just released (cc [~ggregory] ). I will
update the changes.xml.
{noformat}
kinow@ranma:~/Development/java/apache/commons-imaging$ git tag --contains
0209ed7a8947d7833480f1b8ebd5d9dfd36c4480
commons-imaging-1.0.0-M1-RC1
commons-imaging-1.0.0-alpha4-RC1
rel/commons-imaging-1.0.0-alpha4
kinow@ranma:~/Development/java/apache/commons-imaging$ git log --oneline
0209ed7a8947d7833480f1b8ebd5d9dfd36c4480 | head -n 3
0209ed7a Refactor for arrays
d0fa70d1 More allocation checking
bb37ffe6 Test getImageSize{noformat}
> OutOfMemory with invalid PNG input file
> ---------------------------------------
>
> Key: IMAGING-332
> URL: https://issues.apache.org/jira/browse/IMAGING-332
> Project: Commons Imaging
> Issue Type: Bug
> Components: Format: PNG
> Affects Versions: 1.0-alpha3
> Reporter: Dominik Stadler
> Priority: Blocker
> Labels: fuzzer
> Fix For: 1.0.0-alpha4
>
> Attachments: image-2022-08-14-13-50-28-786.png
>
>
> The following snippet will cause an OOM as it tries to allocate a huge
> byte-array.
>
> {code:java}
> byte[] input =
> java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY");
> Imaging.getAllBufferedImages(input); {code}
> All such allocations should be guarded by some limits, see e.g.
> [https://poi.apache.org/apidocs/dev/org/apache/poi/util/IOUtils.html#safelyAllocate-long-int-]
> for how Apache POI supports a configurable limit for allocations.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
