commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Le Huu Quang Linh (JIRA)" <>
Subject [jira] [Created] (IMAGING-222) JPEG segment size not validated
Date Tue, 26 Mar 2019 12:24:00 GMT
Le Huu Quang Linh created IMAGING-222:

             Summary: JPEG segment size not validated
                 Key: IMAGING-222
             Project: Commons Imaging
          Issue Type: Bug
          Components: Format: JPEG
            Reporter: Le Huu Quang Linh
         Attachments: NegSegment.jpg

Using my AFL-based fuzzer for Java. I found that a NegativeArraySizeException may be throw
when attempting to read an invalid JPEG image.

public void traverseJFIF(final ByteSource byteSource, final Visitor visitor)
            throws ImageReadException,
            IOException {
        try (InputStream is = byteSource.getInputStream()) {
            readAndVerifyBytes(is, JpegConstants.SOI,
                    "Not a Valid JPEG File: doesn't begin with 0xffd8");
I think you should add the handle NegativeArraySizeException exception

This message was sent by Atlassian JIRA

View raw message