commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Le Huu Quang Linh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IMAGING-222) JPEG segment size not validated
Date Tue, 26 Mar 2019 12:24:00 GMT
Le Huu Quang Linh created IMAGING-222:
-----------------------------------------

             Summary: JPEG segment size not validated
                 Key: IMAGING-222
                 URL: https://issues.apache.org/jira/browse/IMAGING-222
             Project: Commons Imaging
          Issue Type: Bug
          Components: Format: JPEG
            Reporter: Le Huu Quang Linh
         Attachments: NegSegment.jpg

Using my AFL-based fuzzer for Java. I found that a NegativeArraySizeException may be throw
when attempting to read an invalid JPEG image.

{code:java}
public void traverseJFIF(final ByteSource byteSource, final Visitor visitor)
            throws ImageReadException,
            IOException {
        try (InputStream is = byteSource.getInputStream()) {
            readAndVerifyBytes(is, JpegConstants.SOI,
                    "Not a Valid JPEG File: doesn't begin with 0xffd8");
{code}
I think you should add the handle NegativeArraySizeException exception



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message