#645 AAIOBE in CCITTFaxDecoderStream now wrapped in IOException

imageio/imageio-tiff/src/main/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStream.java

@@ -30,14 +30,14 @@
 
 package com.twelvemonkeys.imageio.plugins.tiff;
 
+import com.twelvemonkeys.lang.Validate;
+
 import java.io.EOFException;
 import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
 
-import com.twelvemonkeys.lang.Validate;
-
 /**
  * CCITT Modified Huffman RLE, Group 3 (T4) and Group 4 (T6) fax compression.
  *
@@ -198,6 +198,10 @@ final class CCITTFaxDecoderStream extends FilterInputStream {
             try {
                 decodeRow();
             }
+            catch (ArrayIndexOutOfBoundsException e) {
+                // Mask the AIOOBE as an IOException
+                throw new IOException("Malformed CCITT stream", e);
+            }
             catch (EOFException e) {
                 // TODO: Rewrite to avoid throw/catch for normal flow...
                 if (decodedLength != 0) {

imageio/imageio-tiff/src/test/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStreamTest.java

@@ -253,7 +253,7 @@ public class CCITTFaxDecoderStreamTest {
     @Test
     public void testDecodeMissingRows() throws IOException {
         // See https://github.com/haraldk/TwelveMonkeys/pull/225 and https://github.com/haraldk/TwelveMonkeys/issues/232
-        InputStream inputStream = getClass().getResourceAsStream("/tiff/ccitt_tolessrows.tif");
+        InputStream inputStream = getResourceAsStream("/tiff/ccitt_tolessrows.tif");
 
         // Skip until StripOffsets: 8
         for (int i = 0; i < 8; i++) {
@@ -299,7 +299,7 @@ public class CCITTFaxDecoderStreamTest {
     public void testMoreChangesThanColumnsFile() throws IOException {
         // See https://github.com/haraldk/TwelveMonkeys/issues/328
         // 26 changes on 24 columns: H0w1b, H1w1b, ..., H1w0b
-        InputStream stream = getClass().getResourceAsStream("/tiff/ccitt-too-many-changes.tif");
+        InputStream stream = getResourceAsStream("/tiff/ccitt-too-many-changes.tif");
 
         // Skip bytes before StripOffsets: 86
         for (int i = 0; i < 86; i++) {
@@ -336,7 +336,7 @@ public class CCITTFaxDecoderStreamTest {
 
     @Test
     public void testG3AOE() throws IOException {
-        InputStream inputStream = getClass().getResourceAsStream("/tiff/ccitt/g3aoe.tif");
+        InputStream inputStream = getResourceAsStream("/tiff/ccitt/g3aoe.tif");
 
         // Skip until StripOffsets: 8
         for (int i = 0; i < 8; i++) {
@@ -353,4 +353,17 @@ public class CCITTFaxDecoderStreamTest {
         byte[] bytes = new byte[216 * 1168]; // 1728 x 1168 pixel, 1 bpp => 216 bytes * 1168
         new DataInputStream(stream).readFully(bytes);
     }
+
+    @SuppressWarnings("StatementWithEmptyBody")
+    @Test(expected = IOException.class)
+    public void testAIOBEInCorruptStreamShouldThrowIOException() throws IOException {
+        // From #645
+        try (InputStream ccittFaxDecoderStream = new CCITTFaxDecoderStream(getResourceAsStream("/ccitt/645.ccitt"), 7, 4, 0, false)) {
+            while(ccittFaxDecoderStream.read() != -1); // Just read until the end
+        }
+    }
+
+    private InputStream getResourceAsStream(String name) {
+        return getClass().getResourceAsStream(name);
+    }
 }

imageio/imageio-tiff/src/test/resources/ccitt/645.ccitt

@@ -0,0 +1,7 @@
+��δΨ]L–Γ Hΰ„t\eΡΔGΘDn0�£ά―θ�‘σ™#£��βθΎGFtGGΔmΡ|�‘Ρβρ6�ήGD|Η
+N΄T�JΝΕΡ„#π�1"λ������������Μ’²θ�Ί�H!eΒ"Ψ4Α":DqC”;#Άρ΄B"&$Κ�@�|6)Θ&V{ ΄�Aq‡H·!;�ς‡P‚Ϊ&8„‰c‚Π"θ$&΄GD|Ό�EZ(�#TΕ^|[�`†96�σPPα ‚¤Δ–1²?SHp‚dq�‹,!Ζ!„“#°A$ ��
+@‚Η;r±�AΔDDπΑBvR
+΅Α$C ‚G‚� @… �BVw	"c¤%<e~Θθ(s�1h�£ΐ¤#/ΠQ.b0Δ$
+ΒD�8@…""‘C�t0„Y|Έt£�Κph$�‰Η;�pAF
+ώ":�8‚Π�ΐν�΅�vΔ�ε8bΈ��±$9Η<φβΎ"
+‰qR�ΘΰΉ<΅Θ8βqΒ�ΠA28Λ ¬¨EΠEAP!a5²9�Dq—FdG9NS�1HJ›¤&�β1†nM(DDB*�HωΡ�Ε��H!)α>Pι>%�3κ�ηΓ‘,Γ�Ο