BasicImageRewriter bad memory allocation arguments
--------------------------------------------------
Key: SHINDIG-906
URL: https://issues.apache.org/jira/browse/SHINDIG-906
Project: Shindig
Issue Type: Bug
Components: Gadget Rendering Server (Java)
Affects Versions: trunk
Environment: Win32, 32bit
Reporter: Greg Squires

The BasicImageRewriter relies on Sanselan.getICCProfile, which has limited
bounds checking. Other metadata functions are also affected.

This function can throw an Exception in ByteSourceArray.java due to a negative
byte[] allocation size. The length argument has been found to wrap when called
from IccProfileParser.java.

On 64-bit machines, issues related to incorrect metadata or ICC data can lead
to incorrect and excess memory allocations, which often fail. These large
numbers, however, modulo on 32-bit and result in negative signed values.

The Shindig test JPEGOptimizerTest behaves differently on 64-bit and 32-bit
platforms.

Line 45 ByteSourceArray.java:

    public byte[] getBlock(int start, int length) throws IOException
    {
        if (start + length > bytes.length)
            throw new IOException("Could not read block (block start: " + start
                    + ", block length: " + length + ", data length: "
                    + bytes.length + ").");
        byte result[] = new byte[length];
        System.arraycopy(bytes, start, result, 0, length);
        return result;
    }
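
The following is an added example, not code from the issue, Shindig or Sanselan: it runs the bounds check quoted above next to a hypothetical hardened variant, feeding both a length taken from a constructed 4-byte big-endian field that turns negative when read into a signed int. The class name, `getBlockChecked`, `readInt32` and the sample buffer are assumptions made for illustration.

```java
import java.io.IOException;

public class GetBlockBoundsDemo {
    // Constructed 16-byte buffer standing in for the image data.
    static final byte[] bytes = new byte[16];

    // Same check as the getBlock quoted in the issue (message shortened).
    static byte[] getBlockAsReported(int start, int length) throws IOException {
        if (start + length > bytes.length)
            throw new IOException("Could not read block");
        byte[] result = new byte[length];
        System.arraycopy(bytes, start, result, 0, length);
        return result;
    }

    // Hypothetical hardened variant: reject negative arguments and compare
    // against the remaining space instead of adding start and length.
    static byte[] getBlockChecked(int start, int length) throws IOException {
        if (start < 0 || length < 0 || length > bytes.length - start)
            throw new IOException("Could not read block (block start: " + start
                    + ", block length: " + length + ", data length: "
                    + bytes.length + ").");
        byte[] result = new byte[length];
        System.arraycopy(bytes, start, result, 0, length);
        return result;
    }

    // Big-endian 32-bit field read into a signed int; values >= 2^31 turn negative.
    static int readInt32(byte[] b) {
        return ((b[0] & 0xff) << 24) | ((b[1] & 0xff) << 16)
                | ((b[2] & 0xff) << 8) | (b[3] & 0xff);
    }

    // Runs one variant and reports either the block size or the exception type.
    static String attempt(boolean checked, int start, int length) {
        try {
            byte[] r = checked ? getBlockChecked(start, length)
                               : getBlockAsReported(start, length);
            return "ok, " + r.length + " bytes";
        } catch (IOException | RuntimeException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed length field, as a malformed profile header might carry.
        int wrapped = readInt32(new byte[] {(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xf0});
        int[][] cases = { {0, 8}, {0, wrapped}, {Integer.MAX_VALUE, 8} };
        for (int[] c : cases)
            System.out.println("start=" + c[0] + " length=" + c[1]
                    + " | reported: " + attempt(false, c[0], c[1])
                    + " | checked: " + attempt(true, c[0], c[1]));
    }
}
```

With the hardened check, malformed lengths surface as the IOException callers already handle rather than as an unchecked runtime exception from the allocation or the copy.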