[ https://issues.apache.org/jira/browse/IMAGING-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834510#comment-17834510 ]
Bruno P. Kinoshita edited comment on IMAGING-332 at 4/6/24 9:17 AM: -------------------------------------------------------------------- This seems to be fixed in 1.0.0-alpha4, just released (cc [~ggregory] ). I will update the changes.xml. {noformat} kinow@ranma:~/Development/java/apache/commons-imaging$ git tag --contains 0209ed7a8947d7833480f1b8ebd5d9dfd36c4480 commons-imaging-1.0.0-M1-RC1 commons-imaging-1.0.0-alpha4-RC1 rel/commons-imaging-1.0.0-alpha4 kinow@ranma:~/Development/java/apache/commons-imaging$ git log --oneline 0209ed7a8947d7833480f1b8ebd5d9dfd36c4480 | head -n 3 0209ed7a Refactor for arrays d0fa70d1 More allocation checking bb37ffe6 Test getImageSize{noformat} And trying this code: {noformat} package org.apache.commons.imaging.bytesource; import org.apache.commons.imaging.Imaging; public class Tests { public static void main(String[] args) throws Exception { byte[] input = java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY"); Imaging.getAllBufferedImages(input); System.out.println("OK!"); } }{noformat} Results in {noformat} Exception in thread "main" org.apache.commons.imaging.common.AllocationRequestException: Allocation limit 1,073,741,824 exceeded: 1,962,934,272 at org.apache.commons.imaging.common.Allocator.check(Allocator.java:131) at org.apache.commons.imaging.common.BinaryFunctions.readBytes(BinaryFunctions.java:253) at org.apache.commons.imaging.formats.png.PngImageParser.readChunks(PngImageParser.java:631) at org.apache.commons.imaging.formats.png.PngImageParser.readChunks(PngImageParser.java:609) at org.apache.commons.imaging.formats.png.PngImageParser.getBufferedImage(PngImageParser.java:150) at org.apache.commons.imaging.formats.png.PngImageParser.getBufferedImage(PngImageParser.java:68) at org.apache.commons.imaging.AbstractImageParser.getAllBufferedImages(AbstractImageParser.java:259) at org.apache.commons.imaging.Imaging.getAllBufferedImages(Imaging.java:162) at org.apache.commons.imaging.Imaging.getAllBufferedImages(Imaging.java:157) at org.apache.commons.imaging.bytesource.Tests.main(Tests.java:8)Process finished with exit code 1 {noformat} was (Author: kinow): This seems to be fixed in 1.0.0-alpha4, just released (cc [~ggregory] ). I will update the changes.xml. {noformat} kinow@ranma:~/Development/java/apache/commons-imaging$ git tag --contains 0209ed7a8947d7833480f1b8ebd5d9dfd36c4480 commons-imaging-1.0.0-M1-RC1 commons-imaging-1.0.0-alpha4-RC1 rel/commons-imaging-1.0.0-alpha4 kinow@ranma:~/Development/java/apache/commons-imaging$ git log --oneline 0209ed7a8947d7833480f1b8ebd5d9dfd36c4480 | head -n 3 0209ed7a Refactor for arrays d0fa70d1 More allocation checking bb37ffe6 Test getImageSize{noformat} > OutOfMemory with invalid PNG input file > --------------------------------------- > > Key: IMAGING-332 > URL: https://issues.apache.org/jira/browse/IMAGING-332 > Project: Commons Imaging > Issue Type: Bug > Components: Format: PNG > Affects Versions: 1.0-alpha3 > Reporter: Dominik Stadler > Priority: Blocker > Labels: fuzzer > Fix For: 1.0.0-alpha4 > > Attachments: image-2022-08-14-13-50-28-786.png > > > The following snippet will cause an OOM as it tries to allocate a huge > byte-array. > > {code:java} > byte[] input = > java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY"); > Imaging.getAllBufferedImages(input); {code} > All such allocations should be guarded by some limits, see e.g. > [https://poi.apache.org/apidocs/dev/org/apache/poi/util/IOUtils.html#safelyAllocate-long-int-] > for how Apache POI supports a configurable limit for allocations. > -- This message was sent by Atlassian Jira (v8.20.10#820010)