[OpenJDK 2D-Dev] [9] RFR: JDK-8167278: ArrayIndexOutOfBoundsException when calling ImageIO.read(InputStream) with RLE4 BMP

Prahalad Kumar Narayanan prahalad.kumar.narayanan at oracle.com
Fri Jan 13 09:24:06 UTC 2017

Hello Everyone

Good day to you.

Request your time in reviewing the fix for bug
    . [JDK-8167278] : ArrayIndexOutOfBoundsException when calling ImageIO.read(InputStream) with RLE4 BMP 

Root Cause
    . The issue seems to stem from a mal-formed RLE4 Encoded Bitmap Image
    . Specifically - the width as mentioned in header and encoded image data do not match.
    . Unfortunately, the decoder logic doesn't contain guard checks to prevent out of bounds array access.

Fix Details:
    . Necessary guard conditions have been put to the RLE4 bitmap decoding logic.
    . Besides, two new issues were observed in same function block. They have been addressed as well.
             i. The last scanline of decoded image is missed in destination image (when EoF sequence arrives without EoL)
                    . This was observed with a sample image created with gimp tool.
             ii. Handling of Delta encoding (0x00 0x02 xOffset yOffset)
                    . The scanline of decoded image should be copied to destination if yOff shifts next pixel's location to other line
                    . Secondly, the scanline index should be limited by boundary value after x and y offsets are added.
                    . Note: I couldn't create a suitable image with Delta encoding in image buffer. Hence this small change could not be tested.

Other Details:
    . The fix was run through both Jtreg and JCK test suites. No regressions were seen.

The changes are available for your review under: 
    Link: http://cr.openjdk.java.net/~pnarayanan/8167278/webrev.00/

Kindly review the changes at your convenience and share your feedback.

Thank you for your time in review
Have a good day

Prahalad N.

More information about the 2d-dev mailing list