RFR: 8287102: ImageReaderSpi.canDecodeInput() for standard plugins should return false if a stream is too short [v2]
Sergey Bylokhov
serb at openjdk.java.net
Tue May 24 01:31:58 UTC 2022
On Mon, 23 May 2022 08:09:20 GMT, Martin Desruisseaux <duke at openjdk.java.net> wrote:
>> Invoking `ImageReaderSpi.canDecodeInput(Object)` with a stream having less than 8 bytes causes an `EOFException` to be thrown instead of returning `false`. This is caused by BMP, WBMP, GIF, PNG and TIFF reader implementations assuming that those bytes always exist and not checking EOF conditions. The JPEG reader is not impacted.
>>
>> The `CanDecodeTest` class in this pull request reproduces the problem and verifies that the patch solves it. The changes in `canDecodeInput(Object)` method bodies are:
>>
>> * Use `ImageInputStream.read()` instead of `readByte()` and check for -1 (EOF) return value.
>> * Replace `ImageInputStream.readFully(byte[])` calls by a private `tryReadFully` method.
>
> Martin Desruisseaux has updated the pull request incrementally with one additional commit since the last revision:
>
> Test all plugins, not only "BMP".
src/java.desktop/share/classes/com/sun/imageio/plugins/common/ReaderUtil.java line 284:
> 282: } while (offset < b.length);
> 283: return true;
> 284: }
Any reason not to catch EOFException exception in the exceptional situation?
-------------
PR: https://git.openjdk.java.net/jdk/pull/8700
More information about the client-libs-dev
mailing list