You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Dominik Stadler (Jira)" <ji...@apache.org> on 2022/05/21 05:42:00 UTC

[jira] [Created] (IMAGING-332) OutOfMemory with invalid PNG input file

Dominik Stadler created IMAGING-332:
---------------------------------------

             Summary: OutOfMemory with invalid PNG input file
                 Key: IMAGING-332
                 URL: https://issues.apache.org/jira/browse/IMAGING-332
             Project: Commons Imaging
          Issue Type: Bug
          Components: Format: PNG
    Affects Versions: 1.0-alpha3
            Reporter: Dominik Stadler


The following snippet will cause an OOM as it tries to allocate a huge byte-array.

 
{code:java}
byte[] input = java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY");
Imaging.getAllBufferedImages(input); {code}
All such allocations should be guarded by some limits, see e.g. [https://poi.apache.org/apidocs/dev/org/apache/poi/util/IOUtils.html#safelyAllocate-long-int-] for how Apache POI supports a configurable limit for allocations.

 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)