Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Later
    • Affects Version/s: 0.94-incubator
    • Fix Version/s: None
    • Component/s: Format: JPEG
    • Labels:
      None
    • Environment:

      win32, 32 bit operating systems

      Description

      This function can throw an Exception in ByteSourceArray.java due to a negative byte[] allocation size. The length argument has been found to wrap when called from IccProfileParser.java.

      In 64bit machines, issues related to incorrect metadata, or ICC data can lead to incorrect and excess memory allocations. These large numbers however cause 32bit negative signed values.

      public byte[] getBlock(int start, int length) throws IOException

      { if (start + length > bytes.length) throw new IOException("Could not read block (block start: " + start + ", block length: " + length + ", data length: " + bytes.length + ")."); byte result[] = new byte[length]; System.arraycopy(bytes, start, result, 0, length); return result; }
      1. concat-app13.patch
        3 kB
        Damjan Jovanovic
      2. crash.jpeg
        95 kB
        Brien Voorhees

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Greg Squires
          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 24h
              24h
              Remaining:
              Remaining Estimate - 24h
              24h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development