Uploaded image for project: 'Commons Imaging'
  1. Commons Imaging
  2. IMAGING-25

integer overflow unhandled

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Later
    • 0.94-incubator
    • None
    • Format: JPEG
    • None
    • win32, 32 bit operating systems

    Description

      This function can throw an Exception in ByteSourceArray.java due to a negative byte[] allocation size. The length argument has been found to wrap when called from IccProfileParser.java.

      In 64bit machines, issues related to incorrect metadata, or ICC data can lead to incorrect and excess memory allocations. These large numbers however cause 32bit negative signed values.

      public byte[] getBlock(int start, int length) throws IOException

      { if (start + length > bytes.length) throw new IOException("Could not read block (block start: " + start + ", block length: " + length + ", data length: " + bytes.length + ")."); byte result[] = new byte[length]; System.arraycopy(bytes, start, result, 0, length); return result; }

      Attachments

        1. concat-app13.patch
          3 kB
          Damjan Jovanovic
        2. crash.jpeg
          95 kB
          Brien Voorhees

        Activity

          People

            Unassigned Unassigned
            gregsq Greg Squires
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified