[ https://issues.apache.org/jira/browse/IMAGING-25?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Damjan Jovanovic resolved IMAGING-25. ------------------------------------- Resolution: Later Deferring to after the 1.0 release. > integer overflow unhandled > -------------------------- > > Key: IMAGING-25 > URL: https://issues.apache.org/jira/browse/IMAGING-25 > Project: Commons Imaging > Issue Type: Bug > Components: Format: JPEG > Affects Versions: 0.94-incubator > Environment: win32, 32 bit operating systems > Reporter: Greg Squires > Attachments: concat-app13.patch, crash.jpeg > > Original Estimate: 24h > Remaining Estimate: 24h > > This function can throw an Exception in ByteSourceArray.java due to a > negative byte[] allocation size. The length argument has been found to wrap > when called from IccProfileParser.java. > In 64bit machines, issues related to incorrect metadata, or ICC data can lead > to incorrect and excess memory allocations. These large numbers however cause > 32bit negative signed values. > public byte[] getBlock(int start, int length) throws IOException > { > if (start + length > bytes.length) > throw new IOException("Could not read block (block > start: " + start > + ", block length: " + length + ", data > length: " > + bytes.length + ")."); > byte result[] = new byte[length]; > System.arraycopy(bytes, start, result, 0, length); > return result; > } -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira