[GitHub] kinow closed pull request #39: IMAGING-219: prevent infinite loop when decompressing RGBE input file

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] kinow closed pull request #39: IMAGING-219: prevent infinite loop when decompressing RGBE input file

GitBox
kinow closed pull request #39: IMAGING-219: prevent infinite loop when decompressing RGBE input file
URL: https://github.com/apache/commons-imaging/pull/39
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/src/main/java/org/apache/commons/imaging/formats/rgbe/RgbeInfo.java b/src/main/java/org/apache/commons/imaging/formats/rgbe/RgbeInfo.java
index e09e46ab..4038165f 100644
--- a/src/main/java/org/apache/commons/imaging/formats/rgbe/RgbeInfo.java
+++ b/src/main/java/org/apache/commons/imaging/formats/rgbe/RgbeInfo.java
@@ -169,13 +169,17 @@ private void readMetadata() throws IOException, ImageReadException {
     }
 
     private static void decompress(final InputStream in, final byte[] out)
-            throws IOException {
+            throws IOException,ImageReadException {
         int position = 0;
         final int total = out.length;
 
         while (position < total) {
             final int n = in.read();
 
+            if (n < 0) {
+                throw new ImageReadException("Error decompressing RGBE file");
+            }
+
             if (n > 128) {
                 final int value = in.read();
 
diff --git a/src/test/java/org/apache/commons/imaging/formats/rgbe/RgbeReadTest.java b/src/test/java/org/apache/commons/imaging/formats/rgbe/RgbeReadTest.java
index aa9ae6fb..ab854d72 100644
--- a/src/test/java/org/apache/commons/imaging/formats/rgbe/RgbeReadTest.java
+++ b/src/test/java/org/apache/commons/imaging/formats/rgbe/RgbeReadTest.java
@@ -21,12 +21,15 @@
 import java.awt.image.BufferedImage;
 import java.io.File;
 import java.io.IOException;
+import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 
 import org.apache.commons.imaging.ImageInfo;
 import org.apache.commons.imaging.ImageReadException;
 import org.apache.commons.imaging.Imaging;
 import org.apache.commons.imaging.common.ImageMetadata;
+import org.apache.commons.imaging.common.bytesource.ByteSourceFile;
 import org.apache.commons.imaging.internal.Debug;
 import org.junit.Test;
 
@@ -52,4 +55,21 @@ public void test() throws IOException, ImageReadException {
             assertNotNull(image);
         }
     }
+
+    /**
+     * Test that a bad file does not gets the RgbeImageParser stuck reading it.
+     *
+     * @throws ImageReadException
+     * @throws IOException
+     */
+    @Test(expected = ImageReadException.class, timeout = 2000)
+    public void testErrorDecompressingInvalidFile() throws ImageReadException, IOException {
+        // From IMAGING-219
+        File inputFile = new File(
+                RgbeReadTest.class.getResource("/IMAGING-219/timeout-9713502c9c371f1654b493650c16ab17c0444369")
+                        .getFile());
+        ByteSourceFile byteSourceFile = new ByteSourceFile(inputFile);
+        Map<String, Object> params = Collections.<String, Object>emptyMap();
+        new RgbeImageParser().getBufferedImage(byteSourceFile, params);
+    }
 }
diff --git a/src/test/resources/IMAGING-219/timeout-9713502c9c371f1654b493650c16ab17c0444369 b/src/test/resources/IMAGING-219/timeout-9713502c9c371f1654b493650c16ab17c0444369
new file mode 100644
index 00000000..3fbbed2c
Binary files /dev/null and b/src/test/resources/IMAGING-219/timeout-9713502c9c371f1654b493650c16ab17c0444369 differ


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[hidden email]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]