Mailing-List: contact issues-help@commons.apache.org; run by ezmlm
Precedence: bulk
Reply-To: issues@commons.apache.org
Date: Sun, 15 Feb 2015 09:27:11 +0000 (UTC)
From: =?utf-8?Q?Michael_Gro=C3=9F_=28JIRA=29?= <jira@apache.org>
To: issues@commons.apache.org
Message-ID: <JIRA.12773218.1423308099000.50349.1423992431612@Atlassian.JIRA>
In-Reply-To: <JIRA.12773218.1423308099000@Atlassian.JIRA>
References: <JIRA.12773218.1423308099000@Atlassian.JIRA>
 <JIRA.12773218.1423308099472@arcas>
Subject: [jira] [Commented] (IMAGING-164) Possible dereferencing of null
 pointer in IcoImageParser::writeImage
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


    [ https://issues.apache.org/jira/browse/IMAGING-164?page=3Dcom.atlassia=
n.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D143=
21888#comment-14321888 ]=20

Michael Gro=C3=9F commented on IMAGING-164:
--------------------------------------

I propose a patch at http://github.com/mgmechanics/commons-imaging/tree/IMA=
GING-164 - it is really a tiny one.

> Possible dereferencing of null pointer in IcoImageParser::writeImage
> --------------------------------------------------------------------
>
>                 Key: IMAGING-164
>                 URL: https://issues.apache.org/jira/browse/IMAGING-164
>             Project: Commons Imaging
>          Issue Type: Improvement
>          Components: Format: ICO
>            Reporter: Michael Gro=C3=9F
>             Fix For: Review Patch
>
>
> org.apache.commons.imaging.formats.ico.IcoImageParser::writeImage(final B=
ufferedImage src, final OutputStream os, final ImagingParameters params)
> may throw an unexpected NullPointerException because it of the following =
code:
> {noformat}
> final SimplePalette palette =3D paletteFactory.makeExactRgbPaletteSimple(=
src, 256);
> {noformat}
> Then asking if the created palette is null. I will discuss where it comes=
 from below. For now it is interesting that we set the variable bitCount de=
spite the SimplePalette is null. Currently this makes no sense because the =
code will throw a NullPointerException later if SimplePalette is null.
> {noformat}
> if (palette =3D=3D null) {
>             if (hasTransparency) {
>                 bitCount =3D 32;
>             } else {
>                 bitCount =3D 24;
>             }
> {noformat}
> In the later for-loop we try to call *getPaletteIndex(rgb)* on the Simple=
Palette instance. If it contains null, we'll get a NullPointerException her=
e.
> {noformat}
> for (int y =3D src.getHeight() - 1; y >=3D 0; y--) {
>             for (int x =3D 0; x < src.getWidth(); x++) {
>                 final int argb =3D src.getRGB(x, y);
>                 if (bitCount < 8) {
>                     final int rgb =3D 0xffffff & argb;
>                     final int index =3D palette.getPaletteIndex(rgb); // =
possible NullPointerException
>                    ...
>                 } else if (bitCount =3D=3D 8) {
>                     final int rgb =3D 0xffffff & argb;
>                     final int index =3D palette.getPaletteIndex(rgb);  //=
 possible NullPointerException
> {noformat}
> Why can SimplePalette be null? It comes from PaletteFactory::makeExactRgb=
PaletteSimple(final BufferedImage src, final int max). As it's javadoc says=
 it will "fails by returning null if there are more than max colors necessa=
ry":
> {noformat}
> if (rgbs.add(rgb) && rgbs.size() > max) {
>                     return null;
>                 }
> {noformat}
> My first idea goes to throw a RunTimeException rather than returning null=
. But one has to check if there are cases where the return of null triggers=
 some error handling i.e. increasing the number of colors or creating a dif=
ferent type of object.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)