Mercurial > hg > openjdk > jdk8u > jdk

changeset 14406:b959bffd74b8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large Reviewed-by: prr, pnarayanan
author jdv
date Mon, 20 Nov 2017 11:02:54 +0530
parents 48ed9b5e1d9b
children 094057298322
files src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java test/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java
diffstat 2 files changed, 105 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java	Wed Mar 17 20:41:45 2021 +0000
+++ b/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java	Mon Nov 20 11:02:54 2017 +0530
@@ -1305,14 +1305,18 @@
             this.pixelStream = new DataInputStream(is);
 
             /*
-             * NB: the PNG spec declares that valid range for width
+             * PNG spec declares that valid range for width
              * and height is [1, 2^31-1], so here we may fail to allocate
              * a buffer for destination image due to memory limitation.
              *
-             * However, the recovery strategy for this case should be
-             * defined on the level of application, so we will not
-             * try to estimate the required amount of the memory and/or
-             * handle OOM in any way.
+             * If the read operation triggers OutOfMemoryError, the same
+             * will be wrapped in an IIOException at PNGImageReader.read
+             * method.
+             *
+             * The recovery strategy for this case should be defined at
+             * the level of application, so we will not try to estimate
+             * the required amount of the memory and/or handle OOM in
+             * any way.
              */
             theImage = getDestination(param,
                                       getImageTypes(0),
@@ -1611,7 +1615,16 @@
             throw new IndexOutOfBoundsException("imageIndex != 0!");
         }
 
-        readImage(param);
+        try {
+            readImage(param);
+        } catch (IOException |
+                 IllegalStateException |
+                 IllegalArgumentException e)
+        {
+            throw e;
+        } catch (Throwable e) {
+            throw new IIOException("Caught exception during read: ", e);
+        }
         return theImage;
     }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java	Mon Nov 20 11:02:54 2017 +0530
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug     8190332
+ * @summary Test verifies whether PNGImageReader throws IIOException
+ *          or not when IHDR width value is very high.
+ * @run     main PngLargeIHDRDimensionTest
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Base64;
+import javax.imageio.IIOException;
+import javax.imageio.ImageIO;
+
+public class PngLargeIHDRDimensionTest {
+
+    /*
+     * IHDR width is very large and when we try to create buffer to store
+     * image information of each row it overflows and we get
+     * NegativeArraySizeException without the fix for this bug.
+     */
+    private static String negativeArraySizeExceptionInput = "iVBORw0KGgoAAAANS"
+            + "UhEUg////0AAAABEAIAAAA6fptVAAAACklEQVQYV2P4DwABAQEAWk1v8QAAAAB"
+            + "JRU5ErkJgggo=";
+
+    /*
+     * IHDR width is ((2 to the power of 31) - 2), which is the maximum VM
+     * limit to create an array we get OutOfMemoryError without the fix
+     * for this bug.
+     */
+    private static String outOfMemoryErrorInput = "iVBORw0KGgoAAAANSUhEUgAAAAF/"
+            + "///+CAAAAAA6fptVAAAACklEQVQYV2P4DwABAQEAWk1v8QAAAABJRU5"
+            + "ErkJgggo=";
+
+    private static InputStream input;
+    private static Boolean firstTestFailed = true, secondTestFailed = true;
+    public static void main(String[] args) throws java.io.IOException {
+        byte[] inputBytes = Base64.getDecoder().
+                decode(negativeArraySizeExceptionInput);
+        input = new ByteArrayInputStream(inputBytes);
+
+        try {
+            ImageIO.read(input);
+        } catch (IIOException e) {
+            firstTestFailed = false;
+        }
+
+        inputBytes = Base64.getDecoder().decode(outOfMemoryErrorInput);
+        input = new ByteArrayInputStream(inputBytes);
+
+        try {
+            ImageIO.read(input);
+        } catch (IIOException e) {
+            secondTestFailed = false;
+        }
+
+        if (firstTestFailed || secondTestFailed) {
+            throw new RuntimeException("Test doesn't throw required"
+                    + " IIOException");
+        }
+    }
+}
+