[OpenJDK 2D-Dev] 6782079: PNG: reading metadata may cause OOM on truncated images
Andrew.Brygin at Sun.COM
Mon Dec 15 05:42:06 PST 2008
yes, I agree that the reaching the length limit likely signifies that
png header is corrupt.
Our usual policy is to try to be tolerant to errors in the images.
There are too many
not very well formed images around and being too strict we may reject
That's why I am inclined to avoid throwing exception.
However, we probably should be smarter here and read at most
restOfChunkData) bytes. This way we will be able to recover after
single corrupted chunk
and start processing next chunk.
Martin von Gagern wrote:
> Hi Andrew,
> Looking at the patch from the webrev you sent me via private email, and
> comparing it to my previous bug6541476-corrections.patch, I have some
> The addition of a maxLength parameter to readNullTerminatedString makes
> sense, as it avoids some problems on malformed input. It is my
> understanding, however, that all strings read via
> readNullTerminatedString should in a well formed PNG actually be null
> terminated. Therefore in my opinion reaching the limit should cause an
> exception to be thrown, not simply return the string read so far.
> There was a hunk in my patch changing the possible valies for
> compressionFlag of an iTXtEntry from 1/0 to TRUE/FALSE. YOu moved this
> change to your patch for 5082756. That's OK by me, but requires patches
> to be applied in the corret order. That's the reason I had that change
> bundled with my patch.
More information about the 2d-dev