#275 Fix infinite loop if EOF before header done

2025-08-04 20:15:28 -04:00 · 2016-08-08 11:27:12 +02:00 · 2016-08-08 11:27:12 +02:00 · 44401d9a0d
commit 44401d9a0d
parent c18893184b
2 changed files with 79 additions and 6 deletions
--- a/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpi.java
+++ b/imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpi.java
@ -52,6 +52,7 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
    /**
     * Creates an {@code SVGImageReaderSpi}.
     */
    @SuppressWarnings("WeakerAccess")
    public SVGImageReaderSpi() {
        super(new SVGProviderInfo());
    }
@ -60,6 +61,7 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
        return pSource instanceof ImageInputStream && SVG_READER_AVAILABLE && canDecode((ImageInputStream) pSource);
    }
    @SuppressWarnings("StatementWithEmptyBody")
    private static boolean canDecode(final ImageInputStream pInput) throws IOException {
        // NOTE: This test is quite quick as it does not involve any parsing,
        // however it may not recognize all kinds of SVG documents.
@ -94,15 +96,15 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
                if (buffer[0] == '?') {
                    // This is the XML declaration or a processing instruction
-                    while (!(pInput.read() == '?' && pInput.read() == '>')) {
+                    while (!((pInput.readByte() & 0xFF) == '?' && pInput.read() == '>')) {
-                        // Skip until end of XML declaration or processing instruction
+                        // Skip until end of XML declaration or processing instruction or EOF
                    }
                }
                else if (buffer[0] == '!') {
                    if (buffer[1] == '-' && buffer[2] == '-') {
                        // This is a comment
-                        while (!(pInput.read() == '-' && pInput.read() == '-' && pInput.read() == '>')) {
+                        while (!((pInput.readByte() & 0xFF) == '-' && pInput.read() == '-' && pInput.read() == '>')) {
-                            // Skip until end of comment
+                            // Skip until end of comment or EOF
                        }
                    }
                    else if (buffer[1] == 'D' && buffer[2] == 'O' && buffer[3] == 'C'
@ -137,8 +139,8 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
                    return false;
                }
-                while (pInput.read() != '<') {
+                while ((pInput.readByte() & 0xFF) != '<') {
-                    // Skip over, until next begin tag
+                    // Skip over, until next begin tag or EOF
                }
            }
        }
@ -147,6 +149,7 @@ public final class SVGImageReaderSpi extends ImageReaderSpiBase {
            return false;
        }
        finally {
            //noinspection ThrowFromFinallyBlock
            pInput.reset();
        }
    }
--- a/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpiTest.java
+++ b/imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderSpiTest.java
@ -0,0 +1,70 @@
 package com.twelvemonkeys.imageio.plugins.svg;
 import com.twelvemonkeys.imageio.stream.ByteArrayImageInputStream;
 import com.twelvemonkeys.imageio.stream.URLImageInputStreamSpi;
 import org.junit.Test;
 import javax.imageio.ImageIO;
 import javax.imageio.spi.IIORegistry;
 import javax.imageio.spi.ImageReaderSpi;
 import javax.imageio.stream.ImageInputStream;
 import java.nio.charset.StandardCharsets;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 /**
 * SVGImageReaderSpiTest.
 *
 * @author <a href="mailto:harald.kuhr@gmail.com">Harald Kuhr</a>
 * @author last modified by $Author: harald.kuhr$
 * @version $Id: SVGImageReaderSpiTest.java,v 1.0 08/08/16 harald.kuhr Exp$
 */
 public class SVGImageReaderSpiTest {
    private static final String[] VALID_INPUTS = {
            "/svg/Android_robot.svg", // Minimal, no xml dec, no namespace
            "/svg/batikLogo.svg",     // xml dec, comments, namespace
            "/svg/blue-square.svg",   // xml dec, namespace
            "/svg/red-square.svg",
    };
    private static final String[] INVALID_INPUTS = {
        "<xml>",
        "<",
        "<?",
        "<?1",
        "<?12",
        "<?123", // #275 Infinite loop issue
        "<!--",
        "<!-- ", // #275 Infinite loop issue
        "<?123?>", // #275 Infinite loop issue
        "<svg",
    };
    static {
        IIORegistry.getDefaultInstance().registerServiceProvider(new URLImageInputStreamSpi());
        ImageIO.setUseCache(false);
    }
    private final ImageReaderSpi provider = new SVGImageReaderSpi();
    @Test
    public void canDecodeInput() throws Exception {
        for (String validInput : VALID_INPUTS) {
            try (ImageInputStream input = ImageIO.createImageInputStream(getClass().getResource(validInput))) {
                assertTrue("Can't read valid input: " + validInput, provider.canDecodeInput(input));
            }
        }
    }
    // Test will time out, if EOFs are not properly detected, see #275
    @Test(timeout = 5000)
    public void canDecodeInputInvalid() throws Exception {
        for (String invalidInput : INVALID_INPUTS) {
            try (ImageInputStream input = new ByteArrayImageInputStream(invalidInput.getBytes(StandardCharsets.UTF_8))) {
                assertFalse("Claims to read invalid input:" + invalidInput, provider.canDecodeInput(input));
            }
        }
    }
 }