You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Le Huu Quang Linh (JIRA)" <ji...@apache.org> on 2019/03/26 12:24:00 UTC
[jira] [Created] (IMAGING-222) JPEG segment size not validated
Le Huu Quang Linh created IMAGING-222:
-----------------------------------------
Summary: JPEG segment size not validated
Key: IMAGING-222
URL: https://issues.apache.org/jira/browse/IMAGING-222
Project: Commons Imaging
Issue Type: Bug
Components: Format: JPEG
Reporter: Le Huu Quang Linh
Attachments: NegSegment.jpg
Using my AFL-based fuzzer for Java. I found that a NegativeArraySizeException may be throw when attempting to read an invalid JPEG image.
{code:java}
public void traverseJFIF(final ByteSource byteSource, final Visitor visitor)
throws ImageReadException,
IOException {
try (InputStream is = byteSource.getInputStream()) {
readAndVerifyBytes(is, JpegConstants.SOI,
"Not a Valid JPEG File: doesn't begin with 0xffd8");
{code}
I think you should add the handle NegativeArraySizeException exception
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)