This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-imaging.git
The following commit(s) were added to refs/heads/master by this push:
new bb37ffe6 Test getImageSize
bb37ffe6 is described below
commit bb37ffe63b0111a0333809410183a6a6c28f78e9
Author: Gary Gregory <[email protected]>
AuthorDate: Sat May 13 13:55:00 2023 -0400
Test getImageSize
---
.../common/{mylzw => }/AllocationChecker.java | 13 ++---
.../imaging/common/AllocationRequestException.java | 59 ++++++++++++++++++++++
.../commons/imaging/common/BinaryFunctions.java | 1 +
.../imaging/common/ImagingRuntimeException.java | 38 ++++++++++++++
.../imaging/common/mylzw/MyLzwDecompressor.java | 1 +
.../imaging/formats/icns/IcnsImageParserTest.java | 40 +++++++++++++++
.../imaging/formats/png/PngImageParserTest.java | 39 ++++++++++++++
7 files changed, 185 insertions(+), 6 deletions(-)
diff --git
a/src/main/java/org/apache/commons/imaging/common/mylzw/AllocationChecker.java
b/src/main/java/org/apache/commons/imaging/common/AllocationChecker.java
similarity index 81%
rename from
src/main/java/org/apache/commons/imaging/common/mylzw/AllocationChecker.java
rename to src/main/java/org/apache/commons/imaging/common/AllocationChecker.java
index 7d61d03f..9cd222f5 100644
---
a/src/main/java/org/apache/commons/imaging/common/mylzw/AllocationChecker.java
+++ b/src/main/java/org/apache/commons/imaging/common/AllocationChecker.java
@@ -15,32 +15,33 @@
* limitations under the License.
*/
-package org.apache.commons.imaging.common.mylzw;
+package org.apache.commons.imaging.common;
/**
* Checks inputs for meeting allocation limits.
*/
-class AllocationChecker {
+public class AllocationChecker {
private static final String CANONICAL_NAME =
AllocationChecker.class.getCanonicalName();
-
+
/** One GB. */
private static final int DEFAULT = 1_073_741_824;
/**
* Checks a request for meeting allocation limits.
* <p>
- * The default limit is {@value #DEFAULT}, override with the system
property "org.apache.commons.imaging.common.mylzw.AllocationChecker".
+ * The default limit is {@value #DEFAULT}, override with the system
property
+ * "org.apache.commons.imaging.common.mylzw.AllocationChecker".
* </p>
*
* @param request an allocation request.
* @return the request.
*/
- static int check(final int request) {
+ public static int check(final int request) {
// 1 GB limit
final int limit = Integer.getInteger(CANONICAL_NAME, DEFAULT);
if (request > limit) {
- throw new IllegalArgumentException(String.format("Allocation limit
%,d exceeded: %,d", limit, request));
+ throw new AllocationRequestException(DEFAULT, request);
}
return request;
}
diff --git
a/src/main/java/org/apache/commons/imaging/common/AllocationRequestException.java
b/src/main/java/org/apache/commons/imaging/common/AllocationRequestException.java
new file mode 100644
index 00000000..a0d4b4c1
--- /dev/null
+++
b/src/main/java/org/apache/commons/imaging/common/AllocationRequestException.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.imaging.common;
+
+/**
+ * Thrown when an allocation request is too large.
+ */
+public class AllocationRequestException extends ImagingRuntimeException {
+
+ private static final long serialVersionUID = 1L;
+
+ private final int limit;
+ private final int request;
+
+ /**
+ * Constructs a new instance.
+ *
+ * @param limit The allocation limit.
+ * @param request The allocation request.
+ */
+ public AllocationRequestException(final int limit, final int request) {
+ super(String.format("Allocation limit %,d exceeded: %,d", limit,
request));
+ this.limit = limit;
+ this.request = request;
+ }
+
+ /**
+ * Gets the allocation limit.
+ *
+ * @return the allocation limit.
+ */
+ public int getLimit() {
+ return limit;
+ }
+
+ /**
+ * Gets the allocation request.
+ *
+ * @return the allocation request.
+ */
+ public int getRequest() {
+ return request;
+ }
+}
diff --git
a/src/main/java/org/apache/commons/imaging/common/BinaryFunctions.java
b/src/main/java/org/apache/commons/imaging/common/BinaryFunctions.java
index 583d1723..abdaaa7d 100644
--- a/src/main/java/org/apache/commons/imaging/common/BinaryFunctions.java
+++ b/src/main/java/org/apache/commons/imaging/common/BinaryFunctions.java
@@ -264,6 +264,7 @@ public final class BinaryFunctions {
if (length < 0) {
throw new IOException(String.format("%s, invalid length: %d",
exception, length));
}
+ AllocationChecker.check(length);
final byte[] result = new byte[length];
int read = 0;
while (read < length) {
diff --git
a/src/main/java/org/apache/commons/imaging/common/ImagingRuntimeException.java
b/src/main/java/org/apache/commons/imaging/common/ImagingRuntimeException.java
new file mode 100644
index 00000000..77d7e409
--- /dev/null
+++
b/src/main/java/org/apache/commons/imaging/common/ImagingRuntimeException.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.imaging.common;
+
+/**
+ * Thrown when an allocation request is too large.
+ */
+public class ImagingRuntimeException extends RuntimeException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Constructs a new runtime exception with the specified detail message.
The cause is not initialized, and may
+ * subsequently be initialized by a call to {@link #initCause}.
+ *
+ * @param message the detail message. The detail message is saved for
later retrieval by the {@link #getMessage()}
+ * method.
+ */
+ public ImagingRuntimeException(final String message) {
+ super(message);
+ }
+
+}
diff --git
a/src/main/java/org/apache/commons/imaging/common/mylzw/MyLzwDecompressor.java
b/src/main/java/org/apache/commons/imaging/common/mylzw/MyLzwDecompressor.java
index a7023641..005b0d1b 100644
---
a/src/main/java/org/apache/commons/imaging/common/mylzw/MyLzwDecompressor.java
+++
b/src/main/java/org/apache/commons/imaging/common/mylzw/MyLzwDecompressor.java
@@ -24,6 +24,7 @@ import java.nio.ByteOrder;
import java.util.Arrays;
import org.apache.commons.imaging.ImageReadException;
+import org.apache.commons.imaging.common.AllocationChecker;
public final class MyLzwDecompressor {
diff --git
a/src/test/java/org/apache/commons/imaging/formats/icns/IcnsImageParserTest.java
b/src/test/java/org/apache/commons/imaging/formats/icns/IcnsImageParserTest.java
new file mode 100644
index 00000000..8423642b
--- /dev/null
+++
b/src/test/java/org/apache/commons/imaging/formats/icns/IcnsImageParserTest.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.imaging.formats.icns;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import org.apache.commons.imaging.common.AllocationRequestException;
+import org.junit.jupiter.api.Test;
+
+public class IcnsImageParserTest {
+
+ @Test
+ public void test_getImageSize() throws Exception {
+ byte[] bytes = {
+ // Header
+ 'i', 'c', 'n', 's',
+ // (Too large) file size
+ (byte) 0b0111_1111, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF - 10,
+ // Type (does not matter?)
+ 0, 0, 0, 0,
+ // (Too large) element size
+ (byte) 0b0111_1111, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF - 10
- 8, };
+ assertThrows(AllocationRequestException.class, () -> new
IcnsImageParser().getImageSize(bytes));
+ }
+}
diff --git
a/src/test/java/org/apache/commons/imaging/formats/png/PngImageParserTest.java
b/src/test/java/org/apache/commons/imaging/formats/png/PngImageParserTest.java
new file mode 100644
index 00000000..6e8500c9
--- /dev/null
+++
b/src/test/java/org/apache/commons/imaging/formats/png/PngImageParserTest.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.imaging.formats.png;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import org.apache.commons.imaging.common.AllocationRequestException;
+import org.junit.jupiter.api.Test;
+
+public class PngImageParserTest {
+
+ @Test
+ public void test_getImageSize() throws Exception {
+ byte[] bytes = {
+ // Header
+ (byte) 0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n',
+ // (Too large) Length
+ (byte) 0b0111_1111 , (byte) 0xFF, (byte) 0xFF, (byte) 0xFF - 10,
+ // Chunk type
+ 'I', 'H', 'D', 'R',
+ };
+ assertThrows(AllocationRequestException.class, () -> new
PngImageParser().getImageSize(bytes));
+ }
+}
