Skip to content

Commit

Permalink
8270915: GIFImageReader disregards ignoreMetadata flag which causes m…
Browse files Browse the repository at this point in the history
…emory exhaustion

Reviewed-by: prr
  • Loading branch information
jayathirthrao committed Oct 6, 2022
1 parent 6029120 commit 8c15f77
Showing 1 changed file with 78 additions and 49 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -30,25 +30,27 @@
import java.awt.image.BufferedImage;
import java.awt.image.DataBuffer;
import java.awt.image.WritableRaster;
import java.awt.image.ColorModel;
import java.awt.image.IndexColorModel;
import java.awt.image.MultiPixelPackedSampleModel;
import java.awt.image.PixelInterleavedSampleModel;
import java.awt.image.SampleModel;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import javax.imageio.IIOException;
import javax.imageio.ImageReader;
import javax.imageio.ImageReadParam;
import javax.imageio.ImageTypeSpecifier;
import javax.imageio.metadata.IIOMetadata;
import javax.imageio.spi.ImageReaderSpi;
import javax.imageio.stream.ImageInputStream;

import com.sun.imageio.plugins.common.ReaderUtil;
import java.awt.image.ColorModel;
import java.awt.image.IndexColorModel;
import java.awt.image.MultiPixelPackedSampleModel;
import java.awt.image.PixelInterleavedSampleModel;
import java.awt.image.SampleModel;

public class GIFImageReader extends ImageReader {

Expand Down Expand Up @@ -654,12 +656,18 @@ private byte[] concatenateBlocks() throws IOException {
if (length == 0) {
break;
}
if (ignoreMetadata) {
stream.skipBytes(length);
continue;
}
byte[] subBlockData =
ReaderUtil.staggeredReadByteStream(stream, length);
byte[] newData = new byte[data.length + length];
System.arraycopy(data, 0, newData, 0, data.length);
stream.readFully(newData, data.length, length);
System.arraycopy(subBlockData, 0, newData,
data.length, length);
data = newData;
}

return data;
}

Expand Down Expand Up @@ -694,8 +702,9 @@ private void readMetadata() throws IIOException {
if (localColorTableFlag) {
// Read color table if any
imageMetadata.localColorTable =
new byte[3*numLCTEntries];
stream.readFully(imageMetadata.localColorTable);
ReaderUtil.
staggeredReadByteStream(stream,
(3 * numLCTEntries));
} else {
imageMetadata.localColorTable = null;
}
Expand Down Expand Up @@ -726,66 +735,86 @@ private void readMetadata() throws IIOException {
int terminator = stream.readUnsignedByte();
} else if (label == 0x1) { // Plain text extension
int length = stream.readUnsignedByte();
imageMetadata.hasPlainTextExtension = true;
imageMetadata.textGridLeft =
stream.readUnsignedShort();
imageMetadata.textGridTop =
stream.readUnsignedShort();
imageMetadata.textGridWidth =
stream.readUnsignedShort();
imageMetadata.textGridHeight =
stream.readUnsignedShort();
imageMetadata.characterCellWidth =
stream.readUnsignedByte();
imageMetadata.characterCellHeight =
stream.readUnsignedByte();
imageMetadata.textForegroundColor =
stream.readUnsignedByte();
imageMetadata.textBackgroundColor =
stream.readUnsignedByte();
if (!ignoreMetadata) {
imageMetadata.hasPlainTextExtension = true;
imageMetadata.textGridLeft =
stream.readUnsignedShort();
imageMetadata.textGridTop =
stream.readUnsignedShort();
imageMetadata.textGridWidth =
stream.readUnsignedShort();
imageMetadata.textGridHeight =
stream.readUnsignedShort();
imageMetadata.characterCellWidth =
stream.readUnsignedByte();
imageMetadata.characterCellHeight =
stream.readUnsignedByte();
imageMetadata.textForegroundColor =
stream.readUnsignedByte();
imageMetadata.textBackgroundColor =
stream.readUnsignedByte();
} else {
stream.skipBytes(length);
}
imageMetadata.text = concatenateBlocks();
} else if (label == 0xfe) { // Comment extension
byte[] comment = concatenateBlocks();
if (imageMetadata.comments == null) {
imageMetadata.comments = new ArrayList<>();
if (!ignoreMetadata) {
if (imageMetadata.comments == null) {
imageMetadata.comments = new ArrayList<>();
}
imageMetadata.comments.add(comment);
}
imageMetadata.comments.add(comment);
} else if (label == 0xff) { // Application extension
int blockSize = stream.readUnsignedByte();
int offset = 0;
byte[] blockData = new byte[0];
byte[] applicationID = new byte[8];
byte[] authCode = new byte[3];

// read available data
byte[] blockData = new byte[blockSize];
stream.readFully(blockData);

int offset = copyData(blockData, 0, applicationID);
offset = copyData(blockData, offset, authCode);
if (!ignoreMetadata) {
// read available data
blockData =
ReaderUtil.staggeredReadByteStream(stream,
blockSize);

offset =
copyData(blockData, 0, applicationID);
offset = copyData(blockData, offset, authCode);
} else {
stream.skipBytes(blockSize);
}

byte[] applicationData = concatenateBlocks();

if (offset < blockSize) {
if (!ignoreMetadata &&
offset < blockSize) {
int len = blockSize - offset;
byte[] data =
new byte[len + applicationData.length];

System.arraycopy(blockData, offset, data, 0, len);
System.arraycopy(applicationData, 0, data, len,
System.arraycopy(blockData, offset,
data, 0, len);
System.arraycopy(applicationData, 0,
data, len,
applicationData.length);

applicationData = data;
}

// Init lists if necessary
if (imageMetadata.applicationIDs == null) {
imageMetadata.applicationIDs = new ArrayList<>();
imageMetadata.authenticationCodes =
new ArrayList<>();
imageMetadata.applicationData = new ArrayList<>();
if (!ignoreMetadata) {
// Init lists if necessary
if (imageMetadata.applicationIDs == null) {
imageMetadata.applicationIDs =
new ArrayList<>();
imageMetadata.authenticationCodes =
new ArrayList<>();
imageMetadata.applicationData =
new ArrayList<>();
}
imageMetadata.applicationIDs.add(applicationID);
imageMetadata.authenticationCodes.add(authCode);
imageMetadata.applicationData.add(applicationData);
}
imageMetadata.applicationIDs.add(applicationID);
imageMetadata.authenticationCodes.add(authCode);
imageMetadata.applicationData.add(applicationData);
} else {
// Skip over unknown extension blocks
int length = 0;
Expand Down

1 comment on commit 8c15f77

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.