integer overflow unhandled
--------------------------
Key: SANSELAN-17
URL: https://issues.apache.org/jira/browse/SANSELAN-17
Project: Sanselan
Issue Type: Bug
Affects Versions: 0.94-incubator
Environment: win32, 32 bit operating systems
Reporter: Greg Squires
This function can throw an Exception in ByteSourceArray.java due to a negative
byte[] allocation size. The length argument has been found to wrap when called
from IccProfileParser.java.
In 64bit machines, issues related to incorrect metadata, or ICC data can lead
to incorrect and excess memory allocations. These large numbers however cause
32bit negative signed values.
public byte[] getBlock(int start, int length) throws IOException
{
if (start + length > bytes.length)
throw new IOException("Could not read block (block
start: " + start
+ ", block length: " + length + ", data
length: "
+ bytes.length + ").");
byte result[] = new byte[length];
System.arraycopy(bytes, start, result, 0, length);
return result;
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
