Repository: commons-imaging
Updated Branches:
  refs/heads/master c5ca63fe3 -> 4701b9628


IMAGING-203: JPEG segment size not validated (thanks patch by to Rody Kersten)


Project: http://git-wip-us.apache.org/repos/asf/commons-imaging/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-imaging/commit/4701b962
Tree: http://git-wip-us.apache.org/repos/asf/commons-imaging/tree/4701b962
Diff: http://git-wip-us.apache.org/repos/asf/commons-imaging/diff/4701b962

Branch: refs/heads/master
Commit: 4701b96281124b9ccd6ecd35c3f16aa73345f315
Parents: c5ca63f
Author: Bruno P. Kinoshita <brunodepau...@yahoo.com.br>
Authored: Sat Dec 30 00:38:43 2017 +1300
Committer: Bruno P. Kinoshita <brunodepau...@yahoo.com.br>
Committed: Sat Dec 30 00:38:43 2017 +1300

----------------------------------------------------------------------
 src/changes/changes.xml                         |  5 +-
 .../commons/imaging/formats/jpeg/JpegUtils.java |  3 +
 .../jpeg/segments/NegSizeSegmentTest.java       | 61 ++++++++++++++++++++
 3 files changed, 68 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/commons-imaging/blob/4701b962/src/changes/changes.xml
----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 80260c7..3237559 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -46,7 +46,10 @@ The <action> type attribute can be add,update,fix,remove.
   <body>
 
     <release version="1.0" date="TBA" description="First major release">
-      <action issue="IMAGING-123" dev="kinow" type="update" due-to=" Jens 
Kapitza">
+      <action issue="IMAGING-203" dev="kinow" type="fix" due-to="Rody Kersten">
+        JPEG segment size not validated
+      </action>
+      <action issue="IMAGING-123" dev="kinow" type="update" due-to="Jens 
Kapitza">
         remove duplicated lines in T4AndT6Compression
       </action>
       <action issue="IMAGING-209" dev="kinow" type="fix" due-to="Isak 
Wertwein">

http://git-wip-us.apache.org/repos/asf/commons-imaging/blob/4701b962/src/main/java/org/apache/commons/imaging/formats/jpeg/JpegUtils.java
----------------------------------------------------------------------
diff --git 
a/src/main/java/org/apache/commons/imaging/formats/jpeg/JpegUtils.java 
b/src/main/java/org/apache/commons/imaging/formats/jpeg/JpegUtils.java
index 8af207c..7031f9d 100644
--- a/src/main/java/org/apache/commons/imaging/formats/jpeg/JpegUtils.java
+++ b/src/main/java/org/apache/commons/imaging/formats/jpeg/JpegUtils.java
@@ -80,6 +80,9 @@ public class JpegUtils extends BinaryFileParser {
 
                 final byte[] segmentLengthBytes = 
readBytes("segmentLengthBytes", is, 2, "segmentLengthBytes");
                 final int segmentLength = 
ByteConversions.toUInt16(segmentLengthBytes, getByteOrder());
+                if (segmentLength < 2) {
+                    throw new ImageReadException("Invalid segment size");
+                }
 
                 final byte[] segmentData = readBytes("Segment Data",
                         is, segmentLength - 2,
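Review bot: The new guard `if (segmentLength < 2)` carries no comment explaining the bound, and its message omits the offending value, so a reader has to infer from `segmentLength - 2` a few lines further down why 2 is the minimum. I would add `// The length field counts its own two bytes; anything smaller would make segmentLength - 2 negative.` above the check. Including the value, e.g. `throw new ImageReadException("Invalid segment size: " + segmentLength);`, would make malformed files easier to triage, though the new test compares the message exactly and would have to follow. The enclosing method starts and ends outside this hunk, so how `readBytes` behaves when the declared length exceeds the remaining stream cannot be judged from here.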

http://git-wip-us.apache.org/repos/asf/commons-imaging/blob/4701b962/src/test/java/org/apache/commons/imaging/formats/jpeg/segments/NegSizeSegmentTest.java
----------------------------------------------------------------------
diff --git 
a/src/test/java/org/apache/commons/imaging/formats/jpeg/segments/NegSizeSegmentTest.java
 
b/src/test/java/org/apache/commons/imaging/formats/jpeg/segments/NegSizeSegmentTest.java
new file mode 100644
index 0000000..71957d9
--- /dev/null
+++ 
b/src/test/java/org/apache/commons/imaging/formats/jpeg/segments/NegSizeSegmentTest.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.commons.imaging.formats.jpeg.segments;
+
+import org.apache.commons.imaging.ImageReadException;
+import org.apache.commons.imaging.formats.jpeg.JpegImageParser;
+import org.apache.commons.imaging.formats.jpeg.JpegUtils;
+import org.apache.commons.imaging.common.bytesource.ByteSource;
+import org.apache.commons.imaging.common.bytesource.ByteSourceInputStream;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+public class NegSizeSegmentTest {
+
+    @Test
+    public void testCreatesNegSizeSegment() throws IOException {
+        byte[] bytes = new byte[8];
+        bytes[0] = (byte) 0xff;
+        bytes[1] = (byte) 0xd8;
+        bytes[2] = (byte) 0xe1;
+        bytes[3] = (byte) 0xff;
+        bytes[4] = (byte) 0x01;
+        bytes[5] = (byte) 0x00;
+        bytes[6] = (byte) 0x00;
+        bytes[7] = (byte) 0x00;
+
+        try {
+            InputStream inputStream = new ByteArrayInputStream(bytes);
+            ByteSource bs = new ByteSourceInputStream(inputStream, 
"NegSizeSegment");
+            JpegImageParser p = new JpegImageParser();
+            p.getBufferedImage(bs, new HashMap<String, Object>());
+            fail("Expecting exception: ImageReadException");
+        } catch (ImageReadException e) {
+            assertEquals("Invalid segment size", e.getMessage());
+            assertEquals(JpegUtils.class.getName(), 
e.getStackTrace()[0].getClassName());
+        }
+
+    }
+
+}
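Review bot: The assertion on `e.getStackTrace()[0].getClassName()` pins the test to whichever class happens to throw, so moving the size check into a helper would fail the test without any regression in behaviour; asserting the exception type and message is enough. Only one malformed length is exercised, and a second case with a declared length of 1 would cover the other value the `segmentLength < 2` guard rejects. A short comment on the byte array saying which bytes are the SOI marker, the segment marker and the length field would make the fixture readable without tracing the parser.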
