From 3911191b0442b0f818111344d9ac74e514363f77 Mon Sep 17 00:00:00 2001
From: Harald Kuhr
Date: Sat, 11 Dec 2021 17:48:57 +0100
Subject: [PATCH] #645 AAIOBE in CCITTFaxDecoderStream now wrapped in IOException
---
 .../plugins/tiff/CCITTFaxDecoderStream.java | 8 ++++++--
 .../tiff/CCITTFaxDecoderStreamTest.java | 19 ++++++++++++++++---
 .../src/test/resources/ccitt/645.ccitt | 7 +++++++
 3 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 imageio/imageio-tiff/src/test/resources/ccitt/645.ccitt
diff --git a/imageio/imageio-tiff/src/main/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStream.java b/imageio/imageio-tiff/src/main/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStream.java
index 08bf12e4..d34a17d9 100644
--- a/imageio/imageio-tiff/src/main/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStream.java
+++ b/imageio/imageio-tiff/src/main/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStream.java
@@ -30,14 +30,14 @@
 package com.twelvemonkeys.imageio.plugins.tiff;
+import com.twelvemonkeys.lang.Validate;
+
 import java.io.EOFException;
 import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
-import com.twelvemonkeys.lang.Validate;
-
 /**
 * CCITT Modified Huffman RLE, Group 3 (T4) and Group 4 (T6) fax compression.
 *
@@ -198,6 +198,10 @@ final class CCITTFaxDecoderStream extends FilterInputStream {
 try {
 decodeRow();
 }
+ catch (ArrayIndexOutOfBoundsException e) {
+ // Mask the AIOOBE as an IOException
+ throw new IOException("Malformed CCITT stream", e);
+ }
 catch (EOFException e) {
 // TODO: Rewrite to avoid throw/catch for normal flow...
 if (decodedLength != 0) {
diff --git a/imageio/imageio-tiff/src/test/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStreamTest.java b/imageio/imageio-tiff/src/test/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStreamTest.java
index 9fa9413f..d54723d7 100644
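Review bot: The added `catch (ArrayIndexOutOfBoundsException e)` in the second hunk turns the crash into an `IOException`, but the out-of-range index that `decodeRow()` derives from stream data is still stopped only by the JVM bounds check. Since the decoder consumes untrusted image data, the range check belongs where that index is produced (not visible in this hunk), with this catch kept as a backstop. Other unchecked exceptions raised by malformed input would still escape; catching the supertype, `catch (IndexOutOfBoundsException e) {`, widens the net slightly. The comment could record the reason rather than the mechanics, for example `// Corrupt input can index past an internal array; report it as a decode error, not a runtime exception`. The enclosing method starts and ends outside the hunk, so whether the decoder state stays consistent for later reads after the throw cannot be confirmed from here.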
--- a/imageio/imageio-tiff/src/test/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStreamTest.java
+++ b/imageio/imageio-tiff/src/test/java/com/twelvemonkeys/imageio/plugins/tiff/CCITTFaxDecoderStreamTest.java
@@ -253,7 +253,7 @@ public class CCITTFaxDecoderStreamTest {
 @Test
 public void testDecodeMissingRows() throws IOException {
 // See https://github.com/haraldk/TwelveMonkeys/pull/225 and https://github.com/haraldk/TwelveMonkeys/issues/232
- InputStream inputStream = getClass().getResourceAsStream("/tiff/ccitt_tolessrows.tif");
+ InputStream inputStream = getResourceAsStream("/tiff/ccitt_tolessrows.tif");
 // Skip until StripOffsets: 8
 for (int i = 0; i < 8; i++) {
@@ -299,7 +299,7 @@ public class CCITTFaxDecoderStreamTest {
 public void testMoreChangesThanColumnsFile() throws IOException {
 // See https://github.com/haraldk/TwelveMonkeys/issues/328
 // 26 changes on 24 columns: H0w1b, H1w1b, ..., H1w0b
- InputStream stream = getClass().getResourceAsStream("/tiff/ccitt-too-many-changes.tif");
+ InputStream stream = getResourceAsStream("/tiff/ccitt-too-many-changes.tif");
 // Skip bytes before StripOffsets: 86
 for (int i = 0; i < 86; i++) {
@@ -336,7 +336,7 @@ public class CCITTFaxDecoderStreamTest {
 @Test
 public void testG3AOE() throws IOException {
- InputStream inputStream = getClass().getResourceAsStream("/tiff/ccitt/g3aoe.tif");
+ InputStream inputStream = getResourceAsStream("/tiff/ccitt/g3aoe.tif");
 // Skip until StripOffsets: 8
 for (int i = 0; i < 8; i++) {
@@ -353,4 +353,17 @@ public class CCITTFaxDecoderStreamTest { byte[] bytes = new byte[216 * 1168]; // 1728 x 1168 pixel, 1 bpp => 216 bytes * 1168 new DataInputStream(stream).readFully(bytes); } + + @SuppressWarnings("StatementWithEmptyBody") + @Test(expected = IOException.class) + public void testAIOBEInCorruptStreamShouldThrowIOException() throws IOException { + // From #645 + try (InputStream ccittFaxDecoderStream = new CCITTFaxDecoderStream(getResourceAsStream("/ccitt/645.ccitt"), 7, 4, 0, false)) { + while(ccittFaxDecoderStream.read() != -1); // Just read until the end + } + } + + private InputStream getResourceAsStream(String name) { + return getClass().getResourceAsStream(name); + } } diff --git a/imageio/imageio-tiff/src/test/resources/ccitt/645.ccitt b/imageio/imageio-tiff/src/test/resources/ccitt/645.ccitt new file mode 100644 index 00000000..b30401ad --- /dev/null +++ b/imageio/imageio-tiff/src/test/resources/ccitt/645.ccitt @@ -0,0 +1,7 @@ +]L Ht\eGDn0ܯ菑#GFtGGm|6GD| +NTJф#1"̒H!e"4":DqC;#B"&$@|6)&V{ AqH!;P&8c"$&GD|EZ(#T^|[`96PP Ė1?SHpdq,!!#A$ +@;rADD BvR +$CG @ BVw "c%P>%3 Ñ,Þ +˔X+" ": Y!ɏ⒘rpc.lL8"8.G0ƁH KCDp@' \ No newline at end of file
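Review bot: `@Test(expected = IOException.class)` on `testAIOBEInCorruptStreamShouldThrowIOException` is satisfied by any `IOException`, including an `EOFException`, so the test does not pin the wrapped-exception path it is named for. Catching the exception and checking the message the fix introduces, `assertEquals("Malformed CCITT stream", e.getMessage());`, would tie it to the new behaviour. The `while` read loop is unbounded, so a regression that makes the decoder spin on this corrupt input would hang the build instead of failing it; `@Test(expected = IOException.class, timeout = 1000)` guards against that (the timeout value is a suggestion, not taken from the project).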