Backups/TwelveMonkeys
2
0
Fork 0
mirror of https://github.com/haraldk/TwelveMonkeys.git synced 2025-08-03 11:35:29 -04:00
Code Issues Projects Releases Wiki Activity

#488: Fix for AIOOBE in getEmbeddedICCProfile when ICC profile is empty

Browse Source
This commit is contained in:
Harald Kuhr 2019-08-07 16:18:01 +02:00
parent f6aa810f8b
commit ee049d9465
3 changed files with 33 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
imageio/imageio-jpeg/src/main/java/com/twelvemonkeys/imageio/plugins/jpeg/JPEGImageReader.java
View File

@ -932,7 +932,7 @@ public final class JPEGImageReader extends ImageReaderBase {
return data; return data;
} }
protected ICC_Profile getEmbeddedICCProfile(final boolean allowBadIndexes) throws IOException { ICC_Profile getEmbeddedICCProfile(final boolean allowBadIndexes) throws IOException {
// ICC v 1.42 (2006) annex B: // ICC v 1.42 (2006) annex B:
// APP2 marker (0xFFE2) + 2 byte length + ASCII 'ICC_PROFILE' + 0 (termination) // APP2 marker (0xFFE2) + 2 byte length + ASCII 'ICC_PROFILE' + 0 (termination)
// + 1 byte chunk number + 1 byte chunk count (allows ICC profiles chunked in multiple APP2 segments) // + 1 byte chunk number + 1 byte chunk count (allows ICC profiles chunked in multiple APP2 segments)
@ -956,8 +956,9 @@ public final class JPEGImageReader extends ImageReaderBase {
return null; return null;
} }
int iccChunkDataSize = segment.data.length - segment.identifier.length() - 3; // ICC_PROFILE + null + chunk number + count int segmentDataStart = segment.identifier.length() + 3; // ICC_PROFILE + null + chunk number + count
int iccSize = intFromBigEndian(segment.data, segment.identifier.length() + 3); int iccChunkDataSize = segment.data.length - segmentDataStart;
int iccSize = segment.data.length < segmentDataStart + 4 ? 0 : intFromBigEndian(segment.data, segmentDataStart);
return readICCProfileSafe(stream, allowBadIndexes, iccSize, iccChunkDataSize); return readICCProfileSafe(stream, allowBadIndexes, iccSize, iccChunkDataSize);
} }
@ -1010,9 +1011,10 @@ public final class JPEGImageReader extends ImageReaderBase {
int index = badICC ? i : chunkNumber - 1; int index = badICC ? i : chunkNumber - 1;
streams[index] = stream; streams[index] = stream;
iccChunkDataSize += segment.data.length - segment.identifier.length() - 3; int segmentDataStart = segment.identifier.length() + 3; // ICC_PROFILE + null + chunk number + count
iccChunkDataSize += segment.data.length - segmentDataStart;
if (index == 0) { if (index == 0) {
iccSize = intFromBigEndian(segment.data, segment.identifier.length() + 3); iccSize = intFromBigEndian(segment.data, segmentDataStart);
} }
} }

30
imageio/imageio-jpeg/src/test/java/com/twelvemonkeys/imageio/plugins/jpeg/JPEGImageReaderTest.java
View File

@ -56,8 +56,8 @@ import java.awt.color.ICC_Profile;
import java.awt.image.BufferedImage; import java.awt.image.BufferedImage;
import java.awt.image.DataBufferByte; import java.awt.image.DataBufferByte;
import java.io.*; import java.io.*;
import java.util.*;
import java.util.List; import java.util.List;
import java.util.*;
import static com.twelvemonkeys.imageio.util.IIOUtil.lookupProviderByName; import static com.twelvemonkeys.imageio.util.IIOUtil.lookupProviderByName;
import static org.junit.Assert.*; import static org.junit.Assert.*;
@ -1784,8 +1784,8 @@ public class JPEGImageReaderTest extends ImageReaderAbstractTest<JPEGImageReader
public void testReadSequenceInverse() throws IOException { public void testReadSequenceInverse() throws IOException {
JPEGImageReader reader = createReader(); JPEGImageReader reader = createReader();
try { try (ImageInputStream stream = ImageIO.createImageInputStream(getClassLoaderResource("/jpeg/jfif-with-preview-as-second-image.jpg"))) {
reader.setInput(ImageIO.createImageInputStream(getClassLoaderResource("/jpeg/jfif-with-preview-as-second-image.jpg"))); reader.setInput(stream);
BufferedImage image = reader.read(1, null); BufferedImage image = reader.read(1, null);
@ -1835,7 +1835,29 @@ public class JPEGImageReaderTest extends ImageReaderAbstractTest<JPEGImageReader
assertNotNull(image); assertNotNull(image);
assertEquals(386, image.getWidth()); assertEquals(386, image.getWidth());
assertEquals(396, image.getHeight()); assertEquals(396, image.getHeight());
} finally { }
finally {
reader.dispose();
}
}
@Test
public void testReadEmptyICCProfile() throws IOException {
JPEGImageReader reader = createReader();
try (ImageInputStream stream = ImageIO.createImageInputStream(getClassLoaderResource("/jpeg/exif-empty-icc-profile.jpeg"))) {
reader.setInput(stream);
assertEquals(612, reader.getWidth(0));
assertEquals(816, reader.getHeight(0));
BufferedImage image = reader.read(0, null);
assertNotNull(image);
assertEquals(612, image.getWidth());
assertEquals(816, image.getHeight());
}
finally {
reader.dispose(); reader.dispose();
} }
} }

BIN
imageio/imageio-jpeg/src/test/resources/jpeg/exif-empty-icc-profile.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 172 KiB