[IMAGING-373] OutOfMemory with invalid ICO input file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0-alpha3
Fix Version/s: 1.0.0-alpha5
Component/s: Format: BMP, Format: ICO
Labels:
None

Language:
- Java

Description

While trying to use org.apache.commons.imaging.formats.ico.IcoImageParser to read an icon file, I'm getting OutOfMemory Error. The file is corrupted, but that should not lead to an Error.

Icon is downloaded from https://epine.es/assets/icos/epine.ico and hopefully attached to this issue.

epine.ico

Trying to debug the problem, I found out that the cause is in misinterpreting some values in org.apache.commons.imaging.formats.bmp.BmpImageParser#readBmpHeaderInfo(java.io.InputStream, org.apache.commons.imaging.FormatCompliance) method while trying to load data of the single image bitmap in given ico file.

While fileSize value is 5990, the bitmapDataOffset value parsed is 989265922. At the same time expectedDataOffset value is 70, which leads to extraBytes value of 989265852.

Then org.apache.commons.imaging.common.BinaryFunctions#readBytes(java.lang.String, java.io.InputStream, int, java.lang.String) tries to allocate byte array of size 989265852. Which exhausts available memory of the JVM.

Maybe just a simple check of extraBytes > bhi.fileSize could help?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

epine.ico
27/Feb/24 14:14
11 kB
Milan Nikl

Issue Links

links to

GitHub Pull Request #368

Activity

People

Assignee:: Unassigned

Reporter:: Milan Nikl

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Feb/24 14:28

Updated:: 02/Apr/24 18:51

Resolved:: 28/Feb/24 15:26