[IMAGING-332] OutOfMemory with invalid PNG input file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.0-alpha3
Fix Version/s: 1.0.0-alpha4
Component/s: Format: PNG
Labels:
- fuzzer

Description

The following snippet will cause an OOM as it tries to allocate a huge byte-array.

byte[] input = java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY");
Imaging.getAllBufferedImages(input);

All such allocations should be guarded by some limits, see e.g. https://poi.apache.org/apidocs/dev/org/apache/poi/util/IOUtils.html#safelyAllocate-long-int- for how Apache POI supports a configurable limit for allocations.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2022-08-14-13-50-28-786.png
14/Aug/22 01:50
248 kB
Bruno P. Kinoshita

Activity

People

Assignee:: Unassigned

Reporter:: Dominik Stadler

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/May/22 05:41

Updated:: 06/Apr/24 09:18

Resolved:: 06/Apr/24 09:18