stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8270915: GIFImageReader disregards ignoreMetadata flag which causes memory exhaustion

Browse Source 
Reviewed-by: prr
This commit is contained in:
Jayathirth D V 2022-10-06 05:43:43 +00:00
parent 6029120a5f
commit 8c15f77aba
1 changed files with 77 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
src/java.desktop/share/classes/com/sun/imageio/plugins/gif/GIFImageReader.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,12 +30,18 @@ import java.awt.Rectangle;
import java.awt.image.BufferedImage;
import java.awt.image.DataBuffer;
import java.awt.image.WritableRaster;
import java.awt.image.ColorModel;
import java.awt.image.IndexColorModel;
import java.awt.image.MultiPixelPackedSampleModel;
import java.awt.image.PixelInterleavedSampleModel;
import java.awt.image.SampleModel;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.imageio.IIOException;
import javax.imageio.ImageReader;
import javax.imageio.ImageReadParam;
@ -43,12 +49,8 @@ import javax.imageio.ImageTypeSpecifier;
import javax.imageio.metadata.IIOMetadata;
import javax.imageio.spi.ImageReaderSpi;
import javax.imageio.stream.ImageInputStream;
import com.sun.imageio.plugins.common.ReaderUtil;
import java.awt.image.ColorModel;
import java.awt.image.IndexColorModel;
import java.awt.image.MultiPixelPackedSampleModel;
import java.awt.image.PixelInterleavedSampleModel;
import java.awt.image.SampleModel;
public class GIFImageReader extends ImageReader {
@ -654,12 +656,18 @@ public class GIFImageReader extends ImageReader {
if (length == 0) {
break;
}
if (ignoreMetadata) {
stream.skipBytes(length);
continue;
}
byte[] subBlockData =
ReaderUtil.staggeredReadByteStream(stream, length);
byte[] newData = new byte[data.length + length];
System.arraycopy(data, 0, newData, 0, data.length);
stream.readFully(newData, data.length, length);
System.arraycopy(subBlockData, 0, newData,
data.length, length);
data = newData;
}
return data;
}
@ -694,8 +702,9 @@ public class GIFImageReader extends ImageReader {
if (localColorTableFlag) {
// Read color table if any
imageMetadata.localColorTable =
new byte[3*numLCTEntries];
stream.readFully(imageMetadata.localColorTable);
ReaderUtil.
staggeredReadByteStream(stream,
(3 * numLCTEntries));
} else {
imageMetadata.localColorTable = null;
}
@ -726,66 +735,86 @@ public class GIFImageReader extends ImageReader {
int terminator = stream.readUnsignedByte();
} else if (label == 0x1) { // Plain text extension
int length = stream.readUnsignedByte();
imageMetadata.hasPlainTextExtension = true;
imageMetadata.textGridLeft =
stream.readUnsignedShort();
imageMetadata.textGridTop =
stream.readUnsignedShort();
imageMetadata.textGridWidth =
stream.readUnsignedShort();
imageMetadata.textGridHeight =
stream.readUnsignedShort();
imageMetadata.characterCellWidth =
stream.readUnsignedByte();
imageMetadata.characterCellHeight =
stream.readUnsignedByte();
imageMetadata.textForegroundColor =
stream.readUnsignedByte();
imageMetadata.textBackgroundColor =
stream.readUnsignedByte();
if (!ignoreMetadata) {
imageMetadata.hasPlainTextExtension = true;
imageMetadata.textGridLeft =
stream.readUnsignedShort();
imageMetadata.textGridTop =
stream.readUnsignedShort();
imageMetadata.textGridWidth =
stream.readUnsignedShort();
imageMetadata.textGridHeight =
stream.readUnsignedShort();
imageMetadata.characterCellWidth =
stream.readUnsignedByte();
imageMetadata.characterCellHeight =
stream.readUnsignedByte();
imageMetadata.textForegroundColor =
stream.readUnsignedByte();
imageMetadata.textBackgroundColor =
stream.readUnsignedByte();
} else {
stream.skipBytes(length);
}
imageMetadata.text = concatenateBlocks();
} else if (label == 0xfe) { // Comment extension
byte[] comment = concatenateBlocks();
if (imageMetadata.comments == null) {
imageMetadata.comments = new ArrayList<>();
if (!ignoreMetadata) {
if (imageMetadata.comments == null) {
imageMetadata.comments = new ArrayList<>();
}
imageMetadata.comments.add(comment);
}
imageMetadata.comments.add(comment);
} else if (label == 0xff) { // Application extension
int blockSize = stream.readUnsignedByte();
int offset = 0;
byte[] blockData = new byte[0];
byte[] applicationID = new byte[8];
byte[] authCode = new byte[3];
if (!ignoreMetadata) {
// read available data
blockData =
ReaderUtil.staggeredReadByteStream(stream,
blockSize);
// read available data
byte[] blockData = new byte[blockSize];
stream.readFully(blockData);
int offset = copyData(blockData, 0, applicationID);
offset = copyData(blockData, offset, authCode);
offset =
copyData(blockData, 0, applicationID);
offset = copyData(blockData, offset, authCode);
} else {
stream.skipBytes(blockSize);
}
byte[] applicationData = concatenateBlocks();
if (offset < blockSize) {
if (!ignoreMetadata &&
offset < blockSize) {
int len = blockSize - offset;
byte[] data =
new byte[len + applicationData.length];
System.arraycopy(blockData, offset, data, 0, len);
System.arraycopy(applicationData, 0, data, len,
System.arraycopy(blockData, offset,
data, 0, len);
System.arraycopy(applicationData, 0,
data, len,
applicationData.length);
applicationData = data;
}
// Init lists if necessary
if (imageMetadata.applicationIDs == null) {
imageMetadata.applicationIDs = new ArrayList<>();
imageMetadata.authenticationCodes =
new ArrayList<>();
imageMetadata.applicationData = new ArrayList<>();
if (!ignoreMetadata) {
// Init lists if necessary
if (imageMetadata.applicationIDs == null) {
imageMetadata.applicationIDs =
new ArrayList<>();
imageMetadata.authenticationCodes =
new ArrayList<>();
imageMetadata.applicationData =
new ArrayList<>();
}
imageMetadata.applicationIDs.add(applicationID);
imageMetadata.authenticationCodes.add(authCode);
imageMetadata.applicationData.add(applicationData);
}
imageMetadata.applicationIDs.add(applicationID);
imageMetadata.authenticationCodes.add(authCode);
imageMetadata.applicationData.add(applicationData);
} else {
// Skip over unknown extension blocks
int length = 0;