commons-issues mailing list archives

From "Benedikt Ritter (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (IMAGING-167) Possible infinite loop at XpmImageParser::writeImage(...)
Date Thu, 19 Feb 2015 06:51:12 GMT

     [ https://issues.apache.org/jira/browse/IMAGING-167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benedikt Ritter updated IMAGING-167:
------------------------------------
    Labels: github  (was: )

> Possible infinite loop at XpmImageParser::writeImage(...)
> ---------------------------------------------------------
>
>                 Key: IMAGING-167
>                 URL: https://issues.apache.org/jira/browse/IMAGING-167
>             Project: Commons Imaging
>          Issue Type: Bug
>          Components: Format: JPEG
>            Reporter: Michael Groß
>              Labels: github
>             Fix For: Review Patch
>
>
> While researching for IMAGING-164 I found the following code at
> org.apache.commons.imaging.formats.xpm.XpmImageParser::writeImage(...)
> {noformat}
> final PaletteFactory paletteFactory = new PaletteFactory();
> ....
> SimplePalette palette = null;
> int maxColors = WRITE_PALETTE.length;
> int charsPerPixel = 1;
> while (palette == null) {
>     palette = paletteFactory.makeExactRgbPaletteSimple(src,
>             hasTransparency ? maxColors - 1 : maxColors);
>     if (palette == null) {
>         maxColors *= WRITE_PALETTE.length;
>         charsPerPixel++;
>     }
> }
> {noformat}
> The while loop has no exit when *maxColors* or *charsPerPixel* - both int values - overflow. They can overflow because PaletteFactory.makeExactRgbPaletteSimple(...) can return null as found in IMAGING-164.
> As far as I know Java doesn't throw an exception when an int flows over - it just "flips" it so after Integer.MAX_VALUE it goes to Integer.MIN_VALUE. So we would have an infinite loop.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
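
The wraparound described in the report, as an added example that is not part of the original message or of the Commons Imaging code. `PALETTE_CHARS = 64` is an assumed stand-in for `WRITE_PALETTE.length`, the always-null lambda is a constructed stand-in for `makeExactRgbPaletteSimple`, and the `Math.multiplyExact` guard is one possible way to fail fast, not the project's fix.

```java
import java.util.function.IntFunction;

public class PaletteLoopOverflow {
    // Assumption: stands in for WRITE_PALETTE.length, whose value the report does not show.
    static final int PALETTE_CHARS = 64;
    // Demo-only cap so the unguarded loop below terminates.
    static final int DEMO_CAP = 8;

    // Same shape as the reported loop, plus the demo cap. Returns the final maxColors.
    static int unguarded(IntFunction<Object> makePalette) {
        Object palette = null;
        int maxColors = PALETTE_CHARS;
        for (int i = 0; palette == null && i < DEMO_CAP; i++) {
            palette = makePalette.apply(maxColors);
            if (palette == null) {
                maxColors *= PALETTE_CHARS; // int multiplication wraps silently
                System.out.println("retry " + (i + 1) + ": maxColors = " + maxColors);
            }
        }
        return maxColors;
    }

    // One possible guard: fail fast instead of wrapping. Returns charsPerPixel on success.
    static int guarded(IntFunction<Object> makePalette) {
        Object palette = null;
        int maxColors = PALETTE_CHARS;
        int charsPerPixel = 1;
        while (palette == null) {
            palette = makePalette.apply(maxColors);
            if (palette == null) {
                // Throws ArithmeticException once the product no longer fits in an int.
                maxColors = Math.multiplyExact(maxColors, PALETTE_CHARS);
                charsPerPixel++;
            }
        }
        return charsPerPixel;
    }

    public static void main(String[] args) {
        // Constructed stub: a palette factory that never succeeds, as described in IMAGING-164.
        IntFunction<Object> alwaysNull = maxColors -> null;
        System.out.println("unguarded ends at maxColors = " + unguarded(alwaysNull));
        try {
            guarded(alwaysNull);
        } catch (ArithmeticException e) {
            System.out.println("guarded loop stopped: " + e.getMessage());
        }
    }
}
```

With the assumed base of 64, the product reaches 2^30 after four retries and wraps to 0 on the fifth, where every later multiplication leaves it.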
