  1. Commons Imaging
  2. IMAGING-326

Use JDK's multiplyExact to avoid integer overflows

Details

    • Improvement
    • Status: Open
    • Blocker
    • Resolution: Unresolved
    • 1.0-alpha2
    • 1.0.0-alpha6
    • imaging.*
    • None

    Description

      See PR https://github.com/apache/commons-imaging/pull/196#discussion_r790148843 for context.

      Integer overflow is a common source of problems in Imaging. The work on this issue is to address when that could happen and prevent it from doing so.

      Java 8 includes methods like multiplyExact which are convenient for us.

      NOTE: we should start fixing it by the integer overflow in the PR linked above. Then go over the rest of the code, applying it to other places where integers are multiplied/added/etc, and where the values could result in OOM or other annoying security issues (i.e. we don't need to blindly replace every + operation by addExactly).

      -Bruno
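
The overflow-to-OOM pattern this issue describes, as an added example that is not part of the original issue and is not Commons Imaging code: a buffer size computed from untrusted header dimensions with plain `*` wraps silently, while `Math.multiplyExact` turns the same input into a rejectable error. The class name, the `MAX_BUFFER_BYTES` cap and the sample dimensions are assumptions made for illustration.

```java
import java.io.IOException;

public class PixelBufferSize {

    // Hypothetical cap on one decoded buffer (assumption, not a Commons Imaging constant).
    static final int MAX_BUFFER_BYTES = 256 * 1024 * 1024;

    // Unchecked: int multiplication wraps silently, so a huge image can yield 0 or a negative size.
    static int uncheckedSize(int width, int height, int bytesPerPixel) {
        return width * height * bytesPerPixel;
    }

    // Checked: rejects non-positive dimensions, int overflow, and results above the cap.
    static int checkedSize(int width, int height, int bytesPerPixel) throws IOException {
        if (width <= 0 || height <= 0 || bytesPerPixel <= 0) {
            throw new IOException("Invalid image dimensions: " + width + "x" + height);
        }
        final int size;
        try {
            // Each step throws ArithmeticException instead of wrapping.
            size = Math.multiplyExact(Math.multiplyExact(width, height), bytesPerPixel);
        } catch (ArithmeticException e) {
            // Surface it as a parse failure so callers handle it like any other malformed file.
            throw new IOException("Image size overflows int: " + width + "x" + height, e);
        }
        if (size > MAX_BUFFER_BYTES) {
            throw new IOException("Image buffer too large: " + size + " bytes");
        }
        return size;
    }

    public static void main(String[] args) {
        // Constructed header values {width, height, bytesPerPixel}, as an untrusted file might declare them.
        int[][] samples = { {640, 480, 4}, {65536, 65536, 4}, {46341, 46341, 1}, {32768, 32768, 4} };
        for (int[] s : samples) {
            int wrapped = uncheckedSize(s[0], s[1], s[2]);
            try {
                int safe = checkedSize(s[0], s[1], s[2]);
                System.out.printf("%dx%dx%d unchecked=%d checked=%d%n", s[0], s[1], s[2], wrapped, safe);
            } catch (IOException e) {
                System.out.printf("%dx%dx%d unchecked=%d rejected: %s%n",
                        s[0], s[1], s[2], wrapped, e.getMessage());
            }
        }
    }
}
```

The last sample shows why both multiplications need checking: 32768 x 32768 fits in an `int`, and only the multiplication by the bytes-per-pixel factor overflows.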

            People

              kinow Bruno P. Kinoshita
              kinow Bruno P. Kinoshita

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 10m