Posted to issues@commons.apache.org by "Dominik Stadler (Jira)" <ji...@apache.org> on 2022/08/15 05:07:00 UTC

[jira] [Comment Edited] (IMAGING-332) OutOfMemory with invalid PNG input file

    [ https://issues.apache.org/jira/browse/IMAGING-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17579450#comment-17579450 ] 

Dominik Stadler edited comment on IMAGING-332 at 8/15/22 5:06 AM:
------------------------------------------------------------------

I can also reproduce it on the latest snapshot 1.0-20220814.043056-149; maybe you need to use a smaller -Xmx to actually reproduce it.

You can check out https://github.com/centic9/imaging-fuzz/tree/IMAGING-332_Reproduce_OOM (see branch IMAGING-332_Reproduce_OOM, main has this test disabled for now), and run {{./gradlew check}} to reproduce via FuzzTest#testReproduceOOM2().


was (Author: dominik.stadler@gmx.at):
I can also reproduce it on the latest snapshot 1.0-20220814.043056-149; maybe you need to use a smaller -Xmx to actually reproduce it.

You can check out [https://github.com/centic9/imaging-fuzz] and run {{./gradlew check}} as a reproducer.

> OutOfMemory with invalid PNG input file
> ---------------------------------------
>
>                 Key: IMAGING-332
>                 URL: https://issues.apache.org/jira/browse/IMAGING-332
>             Project: Commons Imaging
>          Issue Type: Bug
>          Components: Format: PNG
>    Affects Versions: 1.0-alpha3
>            Reporter: Dominik Stadler
>            Priority: Blocker
>              Labels: fuzzer
>             Fix For: 1.0
>
>         Attachments: image-2022-08-14-13-50-28-786.png
>
>
> The following snippet will cause an OOM as it tries to allocate a huge byte-array.
>  
> {code:java}
> byte[] input = java.util.Base64.getDecoder().decode("iVBORw0KGgoAAAAbaUNDUMlDQyCrbAAtGHZwQWdQyUNDIKtsAAAYiVBORw0KGgp1AAAASURBVA0KGgoAAAANSUhEUgAAACAAIAQACAJ/2QAAsnMAAAAAAElFTkRCYAAY");
> Imaging.getAllBufferedImages(input);
> {code}
> All such allocations should be guarded by some limits, see e.g. [https://poi.apache.org/apidocs/dev/org/apache/poi/util/IOUtils.html#safelyAllocate-long-int-] for how Apache POI supports a configurable limit for allocations.
>  
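
The kind of allocation guard the issue description asks for, shown as an added example (not code from Commons Imaging or Apache POI): a PNG chunk reader that rejects a declared length above a cap and otherwise grows its buffer only as bytes actually arrive. The names `BoundedChunkRead`, `readBounded` and `MAX_CHUNK_LENGTH`, the 16 MiB cap and both byte arrays are assumptions constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class BoundedChunkRead {
    // Assumed cap for this example; a library would make it configurable.
    static final int MAX_CHUNK_LENGTH = 16 * 1024 * 1024;
    // Hypothetical helper: enforce the cap, then buffer only bytes that really arrive.
    static byte[] readBounded(InputStream in, long length, int maxLength) throws IOException {
        if (length < 0 || length > maxLength) {
            throw new IOException("declared length " + length + " exceeds limit " + maxLength);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] block = new byte[8192];
        long remaining = length;
        while (remaining > 0) {
            int n = in.read(block, 0, (int) Math.min(block.length, remaining));
            if (n < 0) {
                throw new EOFException("stream ended with " + remaining + " declared bytes missing");
            }
            out.write(block, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }
    // PNG chunk layout: 4-byte big-endian length, 4-byte type, data, 4-byte CRC.
    static byte[] readChunkData(DataInputStream in) throws IOException {
        long length = in.readInt() & 0xFFFFFFFFL; // treat the length field as unsigned
        in.readInt();                             // chunk type, ignored here
        byte[] data = readBounded(in, length, MAX_CHUNK_LENGTH);
        in.readInt();                             // CRC, not verified in this example
        return data;
    }
    public static void main(String[] args) throws IOException {
        // Constructed inputs: a chunk declaring 0x7FFFFFF0 bytes, and a valid 2-byte chunk.
        byte[] hostile = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xF0, 'I', 'D', 'A', 'T', 1, 2, 3, 4};
        byte[] valid = {0, 0, 0, 2, 't', 'E', 'X', 't', 'h', 'i', 0, 0, 0, 0};
        try {
            readChunkData(new DataInputStream(new ByteArrayInputStream(hostile)));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        int n = readChunkData(new DataInputStream(new ByteArrayInputStream(valid))).length;
        System.out.println("accepted: " + n + " bytes");
    }
}
```

Reading in fixed-size blocks means a truncated file that declares a length just under the cap still costs only as much memory as the bytes it actually supplies.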


