commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brien Voorhees (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (SANSELAN-17) integer overflow unhandled
Date Wed, 06 Jan 2010 01:31:54 GMT

    [ https://issues.apache.org/jira/browse/SANSELAN-17?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12796942#action_12796942
] 

Brien Voorhees edited comment on SANSELAN-17 at 1/6/10 1:30 AM:
----------------------------------------------------------------


I'm trying to use Sanselan to analyze images in a live mailstream and unfortunately it crashes
with OutOfMemory on malformed jpeg images.  I'm using Sanselan version 0.97 on a 64-bit Mac.

Attached is an example.  

Below is the verbose output and a stack trace :

blockType 1005 (0x3ed)
blockSize 16 (0x10)
blockType 1037 (0x40d)
blockSize 4 (0x4)
blockType 1011 (0x3f3)
blockSize 8 (0x8)
blockType 1034 (0x40a)
blockSize 1 (0x1)
blockType 10000 (0x2710)
blockSize 10 (0xa)
blockType 1013 (0x3f5)
blockSize 72 (0x48)
blockType 1016 (0x3f8)
blockSize 112 (0x70)
blockType 1032 (0x408)
blockSize 16 (0x10)
blockType 1044 (0x414)
blockSize 4 (0x4)
blockType 1036 (0x40c)
blockSize 568 (0x238)
blockType 4000 (0xfa0)
blockSize 84 (0x54)
blockType 4001 (0xfa1)
blockSize 86622 (0x1525e)
Invalid Image Resource Block data
blockType 28519 (0x6f67)
blockNameLength 108 (0x6c)
blockSize 1811939328 (0x6c000000)

Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
	at org.apache.sanselan.common.BinaryInputStream.readByteArray(BinaryInputStream.java:472)
	at org.apache.sanselan.formats.jpeg.iptc.IPTCParser.parseAllBlocks(IPTCParser.java:323)
	at org.apache.sanselan.formats.jpeg.iptc.IPTCParser.parsePhotoshopSegment(IPTCParser.java:116)
	at org.apache.sanselan.formats.jpeg.iptc.IPTCParser.parsePhotoshopSegment(IPTCParser.java:107)
	at org.apache.sanselan.formats.jpeg.segments.App13Segment.parsePhotoshopSegment(App13Segment.java:80)
	at org.apache.sanselan.formats.jpeg.JpegImageParser.getPhotoshopMetadata(JpegImageParser.java:607)
	at org.apache.sanselan.formats.jpeg.JpegImageParser.getMetadata(JpegImageParser.java:309)
	at org.apache.sanselan.Sanselan.getMetadata(Sanselan.java:978)
	at org.apache.sanselan.Sanselan.getMetadata(Sanselan.java:971)


      was (Author: brienv):
    I'm trying to use Sanselan to analyze images in a live mailstream and unfortunately it
crashes with OutOfMemory on malformed jpeg images.  

Attached is an example.  

Below is the verbose output and a stack trace :

blockType 1005 (0x3ed)
blockSize 16 (0x10)
blockType 1037 (0x40d)
blockSize 4 (0x4)
blockType 1011 (0x3f3)
blockSize 8 (0x8)
blockType 1034 (0x40a)
blockSize 1 (0x1)
blockType 10000 (0x2710)
blockSize 10 (0xa)
blockType 1013 (0x3f5)
blockSize 72 (0x48)
blockType 1016 (0x3f8)
blockSize 112 (0x70)
blockType 1032 (0x408)
blockSize 16 (0x10)
blockType 1044 (0x414)
blockSize 4 (0x4)
blockType 1036 (0x40c)
blockSize 568 (0x238)
blockType 4000 (0xfa0)
blockSize 84 (0x54)
blockType 4001 (0xfa1)
blockSize 86622 (0x1525e)
Invalid Image Resource Block data
blockType 28519 (0x6f67)
blockNameLength 108 (0x6c)
blockSize 1811939328 (0x6c000000)

Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
	at org.apache.sanselan.common.BinaryInputStream.readByteArray(BinaryInputStream.java:472)
	at org.apache.sanselan.formats.jpeg.iptc.IPTCParser.parseAllBlocks(IPTCParser.java:323)
	at org.apache.sanselan.formats.jpeg.iptc.IPTCParser.parsePhotoshopSegment(IPTCParser.java:116)
	at org.apache.sanselan.formats.jpeg.iptc.IPTCParser.parsePhotoshopSegment(IPTCParser.java:107)
	at org.apache.sanselan.formats.jpeg.segments.App13Segment.parsePhotoshopSegment(App13Segment.java:80)
	at org.apache.sanselan.formats.jpeg.JpegImageParser.getPhotoshopMetadata(JpegImageParser.java:607)
	at org.apache.sanselan.formats.jpeg.JpegImageParser.getMetadata(JpegImageParser.java:309)
	at org.apache.sanselan.Sanselan.getMetadata(Sanselan.java:978)
	at org.apache.sanselan.Sanselan.getMetadata(Sanselan.java:971)

  
> integer overflow unhandled
> --------------------------
>
>                 Key: SANSELAN-17
>                 URL: https://issues.apache.org/jira/browse/SANSELAN-17
>             Project: Commons Sanselan
>          Issue Type: Bug
>    Affects Versions: 0.94-incubator
>         Environment: win32, 32 bit operating systems
>            Reporter: Greg Squires
>         Attachments: crash.jpeg
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> This function can throw an Exception in ByteSourceArray.java due to a negative byte[]
allocation size. The length argument has been found to wrap when called from IccProfileParser.java.
> In 64bit machines, issues related to incorrect metadata, or ICC data can lead to incorrect
and excess memory allocations. These large numbers however cause 32bit negative signed values.
> 	public byte[] getBlock(int start, int length) throws IOException
> 	{
> 		if (start + length > bytes.length)
> 			throw new IOException("Could not read block (block start: " + start
> 					+ ", block length: " + length + ", data length: "
> 					+ bytes.length + ").");
> 		byte result[] = new byte[length];
> 		System.arraycopy(bytes, start, result, 0, length);
> 		return result;
> 	}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message