RFR: 8318951: Additional negative value check in JPEG decoding
Jayathirth D V
jdv at openjdk.org
Mon Oct 30 04:32:33 UTC 2023
On Fri, 27 Oct 2023 18:48:17 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
> I am not sure in what case this bug can be reproduced, but if it possible to get overflow there in the real app then probably we should skip that bytes in a few steps using small data?
@mrserb yes in the current code there is no way we can hit overflow because streambuffer size is 4096 only and all skip_input_data() calls with some length are coming only from IJG and the length data is of 2 Bytes size. So `long num_bytes` cannot overflow in these scenarios. This is more of defense in depth fix for future scenarios.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16390#issuecomment-1784461503
More information about the client-libs-dev
mailing list