RFR: 8160327: Support for thumbnails present in APP1 marker for JPEG [v4]

Jeremy duke at openjdk.org
Sun Feb 23 19:11:43 UTC 2025


> This adds support for parsing thumbnails in an APP1 Exif marker.
> 
> This builds on an unfinished proposal by Brian Burkhalter (around 2016). In that previous work the only additional meta info he parsed was the image creation time; this PR similarly includes the same property. (I can't speak to why he included that property, but it looks like he has a lot of experience with ImageIO so I trust his judgment.)
> 
> The test addresses the original images attached to the ticket plus a few extra images I found on my computer that include unusual properties. (Possibly those images are malformed, but if they exist in the wild and other platforms support them then I'd prefer to support them too.)

Jeremy has updated the pull request incrementally with three additional commits since the last revision:

 - 8160327: fix looping ImageFileDirectory vulnerability
   
   There was a `while` loop that someone could exploit to loop infinitely. Now we read exactly 2 iterations and stop.
 - 8160327: remove bug ID from image file names
   
   Now the bug ID is mentioned in their parent directory name.
   
   This is in response to:
   https://github.com/openjdk/jdk/pull/22898#issuecomment-2675396159
 - 8160327: replace image of unknown origin with my own image

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/22898/files
  - new: https://git.openjdk.org/jdk/pull/22898/files/a67369a6..366a8c37

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=22898&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=22898&range=02-03

  Stats: 36 lines in 11 files changed: 18 ins; 1 del; 17 mod
  Patch: https://git.openjdk.org/jdk/pull/22898.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/22898/head:pull/22898

PR: https://git.openjdk.org/jdk/pull/22898
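
The commit message above describes replacing an unbounded `while` loop over image file directories with a fixed two iterations. The following is an added example, not code from the pull request or the JDK: it walks a TIFF/Exif IFD chain with that kind of bound, so a next-IFD pointer that points back at itself cannot keep the parser looping. The class name `BoundedIfdWalk`, the method `ifdOffsets` and the sample bytes are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.ArrayList;
import java.util.List;

public class BoundedIfdWalk {
    // Exif uses IFD0 (main image) and IFD1 (thumbnail), so two is enough here.
    static final int MAX_IFDS = 2;

    /** Returns the offsets of the IFDs visited, never more than MAX_IFDS. */
    static List<Integer> ifdOffsets(byte[] tiff) {
        List<Integer> visited = new ArrayList<>();
        if (tiff.length < 8) return visited;              // too short for a TIFF header
        ByteBuffer buf = ByteBuffer.wrap(tiff);
        // "II" = little-endian, "MM" = big-endian
        if (tiff[0] == 'I' && tiff[1] == 'I') buf.order(ByteOrder.LITTLE_ENDIAN);
        else if (tiff[0] == 'M' && tiff[1] == 'M') buf.order(ByteOrder.BIG_ENDIAN);
        else return visited;
        if (buf.getShort(2) != 42) return visited;        // TIFF magic number
        long offset = buf.getInt(4) & 0xFFFFFFFFL;        // unsigned offset of first IFD
        // Bounded loop: the chain is followed at most MAX_IFDS times,
        // whatever the next-IFD pointers in the file say.
        for (int i = 0; i < MAX_IFDS && offset != 0; i++) {
            if (offset > tiff.length - 2) break;          // entry count must fit
            int count = buf.getShort((int) offset) & 0xFFFF;
            long next = offset + 2 + 12L * count;         // position of next-IFD pointer
            if (next > tiff.length - 4) break;            // pointer must fit
            visited.add((int) offset);
            offset = buf.getInt((int) next) & 0xFFFFFFFFL;
        }
        return visited;
    }

    public static void main(String[] args) {
        // Constructed sample: header plus one empty IFD at offset 8 whose
        // next-IFD pointer is 8 again, i.e. the directory links to itself.
        byte[] looping = {
            'I', 'I', 42, 0, 8, 0, 0, 0,   // header, first IFD at offset 8
            0, 0,                          // IFD with 0 entries
            8, 0, 0, 0                     // next IFD -> offset 8 (cycle)
        };
        System.out.println(ifdOffsets(looping));
    }
}
```

With an unbounded `while (offset != 0)` the sample input would never terminate; with the bound, the walk visits offset 8 twice and returns.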

