kinow commented on a change in pull request #37: [IMAGING-248]: ICNS: missing element types; some safety checks
URL: https://github.com/apache/commons-imaging/pull/37#discussion_r368320786
 
 

 ##########
 File path: 
src/main/java/org/apache/commons/imaging/formats/icns/IcnsImageParser.java
 ##########
 @@ -195,19 +195,14 @@ public void dump(final PrintWriter pw) {
         }
     }
 
-    private IcnsElement readIcnsElement(final InputStream is) throws 
IOException {
-        final int type = read4Bytes("Type", is, "Not a Valid ICNS File", 
getByteOrder()); // Icon type
-                                                                    // (4 
bytes)
-        final int elementSize = read4Bytes("ElementSize", is, "Not a Valid 
ICNS File", getByteOrder()); // Length
-                                                                               
   // of
-                                                                               
   // data
-                                                                               
   // (4
-                                                                               
   // bytes),
-                                                                               
   // in
-                                                                               
   // bytes,
-                                                                               
   // including
-                                                                               
   // this
-                                                                               
   // header
+    private IcnsElement readIcnsElement(final InputStream is, final int 
remainingSize) throws IOException {
+        // Icon type (4 bytes)
+        final int type = read4Bytes("Type", is, "Not a Valid ICNS File", 
getByteOrder());
+        // Length of data (4 bytes), in bytes, including this header
+        final int elementSize = read4Bytes("ElementSize", is, "Not a Valid 
ICNS File", getByteOrder());
+        if (elementSize > remainingSize) {
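
Review bot: The new `if (elementSize > remainingSize)` check only bounds `elementSize` from above. `elementSize` is a signed `int` read straight from the file, and the comment above it says the length includes this header (4 bytes of type plus 4 bytes of size), so a negative value or anything below 8 still passes this test. Consider rejecting `elementSize < 8` in the same condition so a malformed length fails here with the parser's own error. Including both `elementSize` and `remainingSize` in the exception message would also make it easier to diagnose failures on real-world files.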
 
 Review comment:
   The `groovy.icns` file mentioned in the PR fails to parse here 🤔 resulting in an exception

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
