On Tue, 20 Jul 2021 06:25:22 GMT, Jayathirth D V <j...@openjdk.org> wrote:

> We are incorrectly passing source offset to ImageInputStream.readFully() 
> which is getting used on destination buffer. streamPos maintained in each 
> implementation of stream maintains appropriate source offset while reading 
> the data. Since we are completely utilizing destination buffer any offset 
> greater than 0 would cause IOOBE. In our case we should use 0 as offset value.
> 
> Also to hit this code we need stream/file with at least 1MB of IFD data, 
> that's why there is no regression test. This change can be verified using 
> image attached in JBS. All test run is green.

I went through TIFF spec and image provided in the bug to understand whether we 
can find a way to pass similar data to reproduce the issue.

The image attached in JBS has ICCProfile as one of the TIFFTag (this is 
considered as UNDEFINED tag by our standard reader) and its count is more than 
1024000. And for this ICCProfile tag corresponding data is also present in the 
stream; it is not some corrupt header scenario where we can just write bad data 
in header and hit the issue. We divide the tag data in chunks of 1024000 bytes; 
when we are done reading first chunk of ICCProfile data and start reading the 
second chunk we hit this issue.

So to add regression test for this scenario we need more than 1024000 bytes of 
data in one of the TIFFTag type where the present change is done. We will not 
be able to pass that amount of data in byteArray stream. Also if we want to 
pass raw data as part of a TIFFTag I need relevant TIFFtag data like ICCProfile 
in the image attached in JBS.

So I am leaving discussion open so that others can give inputs on ways we can 
put relevant data into our TIFFImageWriter to hit this issue.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4836
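
The offset mix-up discussed in this message, shown as an added example that is not part of the original e-mail and is not the JDK's own code: each chunk gets its own destination buffer, so the `off` argument of `ImageInputStream.readFully(byte[], int, int)` must be 0, while the stream tracks the source position itself. The class and method names are hypothetical, and `CHUNK = 16` is a constructed stand-in for the 1024000-byte chunk size mentioned above.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.imageio.stream.ImageInputStream;
import javax.imageio.stream.MemoryCacheImageInputStream;

public class ChunkedReadOffset {
    // Constructed small chunk size so a second chunk is reached with tiny input.
    static final int CHUNK = 16;

    // Reads 'total' bytes in CHUNK-sized pieces, one fresh buffer per piece.
    // useSourceOffset=true passes the running source position as the
    // destination offset, which is the mistake described in the thread.
    static List<byte[]> readChunks(ImageInputStream in, int total,
                                   boolean useSourceOffset) throws IOException {
        List<byte[]> chunks = new ArrayList<>();
        int pos = 0;
        while (pos < total) {
            int len = Math.min(CHUNK, total - pos);
            byte[] buf = new byte[len];
            // 'off' indexes into buf, not into the stream.
            int off = useSourceOffset ? pos : 0;
            in.readFully(buf, off, len);
            chunks.add(buf);
            pos += len;
        }
        return chunks;
    }

    static ImageInputStream open(byte[] data) {
        return new MemoryCacheImageInputStream(new ByteArrayInputStream(data));
    }

    public static void main(String[] args) throws IOException {
        byte[] data = new byte[40];            // constructed sample data
        for (int i = 0; i < data.length; i++) data[i] = (byte) i;

        List<byte[]> ok = readChunks(open(data), data.length, false);
        System.out.println("offset 0: read " + ok.size() + " chunks");

        try {
            readChunks(open(data), data.length, true);
        } catch (IndexOutOfBoundsException e) {
            // First chunk succeeds (pos == 0); the second has off + len > buf.length.
            System.out.println("source offset used as buffer offset: " + e);
        }
    }
}
```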
