RFR: 8302151: BMPImageReader throws an exception reading BMP images
Jayathirth D V
jdv at openjdk.org
Mon Feb 20 09:37:29 UTC 2023
On Wed, 15 Feb 2023 23:20:03 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
>> We have check in BMPImageReader, where we verify image data size using BMP file size and bitmap offset value.
>> But we can't rely on this calculation when we have color palette. Also color palette is necessary in BMP when bits per pixel is less than 16 according to BMP specification(https://learn.microsoft.com/en-us/windows/win32/api/wingdi/ns-wingdi-bitmapv4header).
>>
>> Now extra checks are added to not perform this check when we have color palette or bpp is less than 16.
>>
>> Also when bitsPerPixel was less than 8 it was getting down-casted to 0. So this is also resolved by making this check for >=16bpp and not doing (bitsPerPixel / 8)
>
> src/java.desktop/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java line 596:
>
>> 594:
>> 595: if (metadata.compression == BI_RGB &&
>> 596: metadata.paletteSize == 0 &&
>
> Do we validate the "metadata.paletteSize" in all code paths above or it can be substituted to have the wrong value(do we actually trust it)?
We read color palette using ReaderUtil.staggeredReadByteStream() at all places to make sure we will not end up in OOME situations. So we can say that paletteSize parameter is well protected.
In general, we can't verify checks for all the parameters of header in a stream. This just adds more verification to overcome the regression introduced for reading lower bpp images.
-------------
PR: https://git.openjdk.org/jdk/pull/12573
More information about the client-libs-dev
mailing list