Just my personal opinion as a mentor for Sanselan, but since Sanselan will never be able to win the performance contest in image handling, I can see the benefit of positioning Sanselan as a specialist for secure image processing (in addition to the current focus points). ImageIO is probably good enough for most so Sanselan has a somewhat difficult stand to position itself.
BTW, the attachment you mentioned is missing. But it's probably best to open a new issue in JIRA and attach it there. On 22.01.2009 23:38:43 Louis Ryan wrote: > Hi > > Ive been investigating using Sanselan as part of an image rewriting feature > we are including in the Shindig project ( > http://incubator.apache.org/shindig/). The goal is to rewrite images fetched > through an HTTP proxy to reduce their size either by switching encoding e.g. > BMP -> PNG or by stripping metadata (EXIF, comments ...) Im primarily using > Sanselan to parse the image metadata to avoid exposing the code to the many > security vulnerabilities that exist in ImageIO on various VMs such as > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789 > > This works very well as Sanselan is very strict in how it parses certain > datastructures such as ICC profiles where specially crafted images could > cause buffer overrun attacks in the native libraries in ImageIO. I have a > set of images that reproduce some of the common attacks against ImageIO that > I'm testing with and Sanselan does very well against them. I currently have > one image that can cause an OutOfMemory error by misrepresenting the number > of ICC tags when parsing the ICC profile (attached). Having a VM die from > OutOfMemory is better than a security vulnerability. > > I was wondering whether you consider robustness against malicious image > parsing something you would like your code to handle (Id be happy to provide > test cases for what I have). As a more amorphous topic there is a real > shortage of secure image processing available in Java, most libraries are > designed for speed and not for robustness or defensiveness, building those > facilities in your project would be a boon to mankind and likely to attract > a great number of interested folks, myself included, to contribute actively. > > Best > > Louis Ryan Jeremias Maerki
