Harmony
  1. Harmony
  2. HARMONY-4749

[classlib][awt][image] GifDecoder throws ArrayIndexOutOfBoundsException

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      On some files, GifDecoder throws ArrayIndexOutOfBoundsException. Here's the reproducer:

      import javax.swing.JFrame;
      import javax.swing.JEditorPane;
      public class Test {
      public static void main(String argv[]) {
      try

      { JFrame frame = new JFrame("Test"); frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); frame.setSize(100, 100); frame.add(new JEditorPane("text/html", "<img src=\"file:triangle-rt.gif\">")); frame.setVisible(true); }

      catch (Throwable e)

      { e.printStackTrace(System.out); }

      }
      }

      Output on Harmony/IBM VME:

      java.lang.ArrayIndexOutOfBoundsException
      at java.lang.System.arraycopy(System.java:327)
      at java.lang.System.arraycopy(System.java:237)
      at org.apache.harmony.awt.gl.image.OffscreenImage.setPixels(OffscreenImage.java:286)
      at org.apache.harmony.awt.gl.image.ImageDecoder.setPixels(ImageDecoder.java:180)
      at org.apache.harmony.awt.gl.image.GifDecoder$GifGraphicBlock.sendNewData(GifDecoder.java:446)
      at org.apache.harmony.awt.gl.image.GifDecoder.decodeImage(GifDecoder.java:221)
      at org.apache.harmony.awt.gl.image.DecodingImageSource.load(DecodingImageSource.java:252)
      at org.apache.harmony.awt.gl.image.ImageLoader.run(ImageLoader.java:153)

      Also, the exception causes an image placeholder to be displayed instead of the image (see attached screenshots).

      On DRLVM (both Jit and Interpreter), the same test crashes instead of throwing exception (see attached screenshot, clicking Retry - Debug doesn't provide any detail). As the crash occurs in exactly the same local situation, I suppose the problem is not in DRLVM but in classlib indeed. If investigation proves otherwise - a separate issue would have to be filed.

      The test file triggering the bug is triangle-rt.gif file from Abbot package (http://abbot.sourceforge.net). This file is attached here purely for purpose of reproducing and localizing the bug, and as Abbot is CPL, I suppose this file must not be included into Harmony in any form.

      The problem was discovered while trying to run Abbot Costello on Harmony.

      1. triangle-rt.gif
        0.1 kB
        Vasily Zakharov
      2. RI.jpg
        4 kB
        Vasily Zakharov
      3. IBMVME.jpg
        4 kB
        Vasily Zakharov
      4. DRLVM.jpg
        22 kB
        Vasily Zakharov

        Activity

        Hide
        Vasily Zakharov added a comment -

        Rather interesting is if exception is caught at OffscreenImage.setPixels(), the image is displayed correctly on IBM VME. The crash on DRLVM occurs anyway.

        The call to System.arraycopy() causing the problem is:
        System.arraycopy(byte[256], 256, byte[256], 256, 16);

        Reproducing this situation separately doesn't cause a crash on DRLVM.

        Show
        Vasily Zakharov added a comment - Rather interesting is if exception is caught at OffscreenImage.setPixels(), the image is displayed correctly on IBM VME. The crash on DRLVM occurs anyway. The call to System.arraycopy() causing the problem is: System.arraycopy(byte [256] , 256, byte [256] , 256, 16); Reproducing this situation separately doesn't cause a crash on DRLVM.
        Hide
        Vasily Zakharov added a comment -

        This issue effectively prevents Abbot Costello from running on Harmony.

        Show
        Vasily Zakharov added a comment - This issue effectively prevents Abbot Costello from running on Harmony.
        Hide
        Vasily Zakharov added a comment -

        The cause for the problem is native GifDecoder.decode() returns height 17 instead of 16 for this image.

        Show
        Vasily Zakharov added a comment - The cause for the problem is native GifDecoder.decode() returns height 17 instead of 16 for this image.
        Hide
        Vasily Zakharov added a comment -

        decoder->pixelsDecoded is set incorrectly in function decompress(), gifdecoder.c, line 842:

        decoder->pixelsDecoded = decoder->oldPixelsDecoded + i;

        At this point, i reaches value of 272, which is ok for 16x17 image, but the image in question is 16x16, so i must be 256 at most. This is the cause of further problem.

        To find out why i gets too large, GIF decoding logic in decompress() must be investigated.

        Show
        Vasily Zakharov added a comment - decoder->pixelsDecoded is set incorrectly in function decompress(), gifdecoder.c, line 842: decoder->pixelsDecoded = decoder->oldPixelsDecoded + i; At this point, i reaches value of 272, which is ok for 16x17 image, but the image in question is 16x16, so i must be 256 at most. This is the cause of further problem. To find out why i gets too large, GIF decoding logic in decompress() must be investigated.
        Hide
        Alexei Zakharov added a comment -

        The good news is that DRLVM doesn't crash any more. Now it behaves exactly as J9 on the above test.

        Show
        Alexei Zakharov added a comment - The good news is that DRLVM doesn't crash any more. Now it behaves exactly as J9 on the above test.
        Hide
        Vasily Zakharov added a comment -

        Alexei, which platform, revision, build type have you used to verify that?

        I checked Windows XP debug build a couple of days ago, and the bug was still there.

        Show
        Vasily Zakharov added a comment - Alexei, which platform, revision, build type have you used to verify that? I checked Windows XP debug build a couple of days ago, and the bug was still there.

          People

          • Assignee:
            Unassigned
            Reporter:
            Vasily Zakharov
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:

              Development