Adrian,

I have an explanation and a resolution for you. The problem is a buffer
overrun in the ICC parser (a bit of color correction metadata that ships
with the image).

To resolve it I upgraded my JVM from 1.6.0_04 to 1.6.0_14 ... But _05 or
above would do the trick I think.

I'll write a blog on it and give a more thorough explanation - but
meanwhile, I found my best clues by looking not for ColdFusion related image
issues, but javax.imageio related image issues. I found this post:

http://www.securiteam.com/securitynews/5SP0E1PNQA.htm

Which led me to more closely examine the update (build) number of my JVM
install.

I hope this helps you!

-Mark

Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: Adrian Lynch [mailto:cont...@adrianlynch.co.uk] 
Sent: Tuesday, June 09, 2009 10:49 AM
To: cf-talk
Subject: RE: Image killing server


Thanks Mark. You're right, I'm beginning to think I shouldn't have posted it
on here now. I've submitted a bug report to Adobe.

When I open it in GIMP I get told "The image 'killer.jpg' has an embedded
colour profile: eciRGB v2 ICCv4".

cftry/cfcatch doesn't help so the only way I can think of to spot this prior
to using ImageRead() etc. is to read the file in with cffile and look for
"eciRGB v2 ICCv4". But who's to say that will cover all the bases?

Adrian

> -----Original Message-----
> From: Mark Kruger [mailto:mkru...@cfwebtools.com]
> Sent: 09 June 2009 16:32
> To: cf-talk
> Subject: RE: Image killing server
> 
> 
> Follow up:
> 
> I can verify the image is able to be previewed and edited using 
> fireworks. I can't see anything unusual about it.
> 
> I have to say if it's something that is reproducible, it's going to 
> be an attack vector. I can think of 3 or 4 servers I manage that need 
> a fix for this pretty quickly if it becomes common knowledge.
> 
> -Mark
> 
> 
> Mark A. Kruger, CFG, MCSE
> (402) 408-3733 ext 105
> www.cfwebtools.com
> www.coldfusionmuse.com
> www.necfug.com
> 
> -----Original Message-----
> From: Mark Kruger [mailto:mkru...@cfwebtools.com]
> Sent: Tuesday, June 09, 2009 10:27 AM
> To: cf-talk
> Subject: RE: Image killing server
> 
> 
> Adrian,
> 
> I verified your results on an 8.01 dev server running on my local XP 
> box.
> Sure enough the service restarts.
> 
> -Mark
> 
> 
> Mark A. Kruger, CFG, MCSE
> (402) 408-3733 ext 105
> www.cfwebtools.com
> www.coldfusionmuse.com
> www.necfug.com
> 
> -----Original Message-----
> From: Adrian Lynch [mailto:cont...@adrianlynch.co.uk]
> Sent: Tuesday, June 09, 2009 9:43 AM
> To: cf-talk
> Subject: Image killing server
> 
> 
> Hey all, got a bit of a strange one here. A user is uploading an image 
> which GIMP is reporting to have an embedded colour profile of "".
> 
> When I use any of the image functions on this image, CF dies.
> 
> I posted a while ago but because it was only one user we converted it 
> manually and re-uploaded, now we're getting more of them.
> 
> Could I ask for a sanity check by someone confirming that this image 
> is killing their server too?
> 
> http://www.halestorm.co.uk/images/killer.jpg
> 
> Download it, create a .cfm page and do
> ImageRead(ExpandPath("./killer.jpg"))
> 
> I get a blank page back then on refresh a message saying CF is 
> starting up.
> 
> I'm on the bug report page at the moment but I thought I would get 
> someone else to test this also.
> 
> Thanks.
> 
> Adrian Lynch | www.halestorm.co.uk
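
Added example, not part of the original thread: a structural version of the pre-check Adrian describes, which walks the JPEG segments for APP2 ICC_PROFILE chunks instead of searching for one profile's name, so any embedded profile can be held back before ImageRead() sees the file. The function names, the quarantine policy and the sample bytes are assumptions constructed for illustration; the fix reported in the thread remains the JVM upgrade.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"  # identifier that opens every APP2 ICC chunk

def jpeg_icc_profile(data):
    """Walk JPEG segments; return the reassembled ICC profile bytes or None."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    chunks, pos = {}, 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # SOS or EOI: metadata segments are over
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("segment length runs past end of file")
        payload = data[pos + 4:pos + 2 + length]
        if marker == 0xE2 and payload.startswith(ICC_TAG) and len(payload) >= 14:
            chunks[payload[12]] = payload[14:]   # keyed by chunk sequence number
        pos += 2 + length
    return b"".join(chunks[k] for k in sorted(chunks)) if chunks else None

def screen_upload(data):
    """Assumed policy: hold back anything carrying a profile or failing to parse."""
    try:
        profile = jpeg_icc_profile(data)
    except ValueError as exc:
        return ("reject", str(exc))
    if profile is None:
        return ("accept", "no embedded ICC profile")
    if len(profile) < 128 or profile[36:40] != b"acsp":
        return ("quarantine", "ICC chunk with malformed header")
    return ("quarantine", "ICC profile, major version %d" % profile[8])

def segment(marker, payload):
    """Build one JPEG segment (used only for the constructed samples below)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: a header-only 128-byte profile declaring major version 4.
header = bytearray(128)
header[0:4], header[8], header[36:40] = struct.pack(">I", 128), 4, b"acsp"
SAMPLE_PLAIN = b"\xff\xd8" + segment(0xE0, b"JFIF\x00") + b"\xff\xd9"
SAMPLE_WITH_ICC = (b"\xff\xd8" + segment(0xE0, b"JFIF\x00")
                   + segment(0xE2, ICC_TAG + b"\x01\x01" + bytes(header)) + b"\xff\xd9")
```

Run this check in a process separate from the ColdFusion JVM, so the file is classified without ever reaching javax.imageio.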



