United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6782079 PNG: reading metadata may cause OOM on truncated images.
JDK-6782079 : PNG: reading metadata may cause OOM on truncated images.

Details
Type:
Bug
Submit Date:
2008-12-08
Status:
Closed
Updated Date:
2011-03-07
Project Name:
JDK
Resolved Date:
2011-03-07
Component:
client-libs
OS:
generic
Sub-Component:
javax.imageio
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:

Related Reports
Backport:

Sub Tasks

Description
The loop that reads null terminated strings just looks for 0 being
returned from ImageInputStream.read(). This ignores the possible value
of -1 which would indicate an end of stream. Because of this, truncated
PNG files could lead to long execution time (while the loop iterates at
the end of the stream) followed by an OutOfMemoryError (when enough -1
values have ben "read" and buffered).

Test demonstrates this problem is attached.

                                    

Comments
SUGGESTED FIX

http://sa.sfbay.sun.com/projects/java2d_data/7/6782079.1
                                     
2009-01-13
EVALUATION

This fix can be divided in two parts:

 1. Potential OOM due to infinite reading of truncated png images.
     Although submitter claimed this as a new regression, the same
     problem is present in original method readNullTerminatedString()
    (PNGImageReader.java, lines 221 - 229).
    To resolve this problem check for EOF and max allowable length
     were added to the readNullTerminatedString(). 
     The duplicate of this fiction which handles default charset was
     removed: now we just specify the ISO-8859-1 charset for non-utf
     strings.
    There was yet another attribute without specified maximum length:
     translated keyword. Now we assume that translated keyword is no
     longer that rest of data in the chunk.

 2. As a part of original fix for 6541476, some generic usage was
    introduced, and this fix converts all collections used in the
    png plugin to generics.
                                     
2009-01-13



Hardware and Software, Engineered to Work Together